snakekeylogger | fac373a26a5f0458890deea7bc93d6ea6e769eeb6440d56c5adf9f3da8838c90 | Triage

Sharing

General

Target

Yjntdre.exe
Size

26KB
Sample

231030-hn656sdc98
MD5

f02100eb5f3140c05def18e397fd6175
SHA1

dabcc934eec02af1b9faaed6e911791272c1a089
SHA256

fac373a26a5f0458890deea7bc93d6ea6e769eeb6440d56c5adf9f3da8838c90
SHA512

8825f91409483d0ea8113ddb37bb7115c381fc2d5e5d2135b71ed04779714fd8f6f9ac9bb114c88bccc5c5efbb184de959d0af03aeb0a8faf06ec298154e493f
SSDEEP

384:5PQ9Uh8DHZ7+tCO0VobNPnbn+b/AeH9F9wGjEnAtNCSGFqUD:duZtoZPbn+rLXiiEnuCLFqUD

Score

10^/10

snakekeylogger collection keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6491126749:AAEgYHjfebL8yDkuzneMucym5CaT8YIRGJE/sendMessage?chat_id=5262627523

Targets

- Target
  
  Yjntdre.exe
- Size
  
  26KB
- MD5
  
  f02100eb5f3140c05def18e397fd6175
- SHA1
  
  dabcc934eec02af1b9faaed6e911791272c1a089
- SHA256
  
  fac373a26a5f0458890deea7bc93d6ea6e769eeb6440d56c5adf9f3da8838c90
- SHA512
  
  8825f91409483d0ea8113ddb37bb7115c381fc2d5e5d2135b71ed04779714fd8f6f9ac9bb114c88bccc5c5efbb184de959d0af03aeb0a8faf06ec298154e493f
- SSDEEP
  
  384:5PQ9Uh8DHZ7+tCO0VobNPnbn+b/AeH9F9wGjEnAtNCSGFqUD:duZtoZPbn+rLXiiEnuCLFqUD
Score

10^/10

snakekeylogger collection keylogger persistence stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerpersistencestealer