snakekeylogger | f1411667e4e147f14639180da7ce67bb7182be34770104a748882e4eb077cb96

General

Target

c6831026773fa273685bd3b584d18e6a.bin
Size

532KB
Sample

231029-csh19aga38
MD5

c5e2f48e5c9a92caefec14b8511254cc
SHA1

9c02e83885981b00db49fe61669d8c1d2a672815
SHA256

f1411667e4e147f14639180da7ce67bb7182be34770104a748882e4eb077cb96
SHA512

41c1c7ac60f2a4c9c023c341b7903a8a7a691eeda12e734e8be8f6bff0d6be797ccd23d2552c36cc4825ac64fa3a5ec6b70617ce7ab7580c8ea223d53927e220
SSDEEP

12288:CIfhkcYPu0+xGS2yjT8u4fmjFV9e4x0VB9IyVee1k19fJL:CIpkc/pr4OFL3QB+/e1k19x

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6248535023:AAEvCpw2Gs0HsAiSElW_xTdLU8K-oKbc0LU/sendMessage?chat_id=2076143622

Targets

- Target
  
  1cdba11094ae2b0b93b98bff9c6714293a14cb61bbe21a5a851a08d6e89507ce.exe
- Size
  
  644KB
- MD5
  
  c6831026773fa273685bd3b584d18e6a
- SHA1
  
  5e10090f47262a60fe3c0d2da9cf45d63bf2bf29
- SHA256
  
  1cdba11094ae2b0b93b98bff9c6714293a14cb61bbe21a5a851a08d6e89507ce
- SHA512
  
  82d74e72bf7e46fa529fcaac3f546bace51808f38cfc864712bc35c826388c0ea6e445f6aa33f917fa3cd0cf33dff814e5f80047a5e82b8027301bfe96537b2c
- SSDEEP
  
  12288:HPkiCBMR3tzaiJmgMK8nINpJ1voXE58rWc44wkOnnehXixdn2OJLR2W9XjE1rH1Y:8irtzazvGfvoXEoWMGnezOT
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2