snakekeylogger | c6643f3a42c75b2c3b774c9f07bafa978b8ac79a4620a380067a3b4fab7b85a4 | Triage

Sharing

General

Target

c6643f3a42c75b2c3b774c9f07bafa978b8ac79a4620a380067a3b4fab7b85a4
Size

19KB
Sample

231030-rvavzsfd52
MD5

ede6f9a445bb4ecd8a30f0b4dd419c0b
SHA1

063c1ff595e85dc8de8a6a6859647c0797a33036
SHA256

c6643f3a42c75b2c3b774c9f07bafa978b8ac79a4620a380067a3b4fab7b85a4
SHA512

fa8162138871c7735ca7b5d7e8656a167e291c265ec27ac1591416a349dcc8512e80e5bbdf2168dd7b7aa15ae5abbf4bb8f1cb66e36ae1aec371c455062db103
SSDEEP

384:cGmaISe4G4b7Q6H0OJ7O4lIT8Y04sf2wCmT5yxCa9DYzD1hFpz:cGfxe4G4b7Q6UOJa4Rp4YOCWPYzD1Vz

Score

10^/10

snakekeylogger collection keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6491126749:AAEgYHjfebL8yDkuzneMucym5CaT8YIRGJE/sendMessage?chat_id=5262627523

Targets

- Target
  
  Mybxbutrghm.exe
- Size
  
  36KB
- MD5
  
  e3943355389d2af1de3dea068e7ca43e
- SHA1
  
  da4c486cdc0f0329f2e2969d9df698b91599d88c
- SHA256
  
  07f7c6e2ca27e05f3e3924f8b32cf92de6493ec4b7657beddc3243d7ae49cca5
- SHA512
  
  6cfb9713e4227189cf6401143b2f107bf40ccae5e227cb2e460fa82007297c510eaff72e6b7b599d762672d9146587770c2aeebfba80eba488c9167d29d61e7e
- SSDEEP
  
  768:RZOZ3fnxNzV5j1DLas3RqtGx+roLYP+k5:RZifXjj1DLasBC+k5
Score

10^/10

snakekeylogger collection keylogger persistence stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerpersistencestealer