snakekeylogger | a84acc5fbe08df8a0f7439ee0b595b43c7ddaaac6c4b9927932807fb69294b14

General

Target

hesaphareketi-01.exe
Size

514KB
Sample

231031-hn8zrsbb94
MD5

df9d5f4dd7b35e1288a6a0e07a98062f
SHA1

5b020e8de129627a692a4ef05037a5f9ce5b325f
SHA256

a84acc5fbe08df8a0f7439ee0b595b43c7ddaaac6c4b9927932807fb69294b14
SHA512

a075f1769d7ac5002f6ce44b40f3145ebb678030482dbe41d20a524fc8820e8ee68ecf471a1414e169aa5b30a750df9bed9f9e5db45150939c5bf0ac6e9026de
SSDEEP

12288:w8K69yqL+/jcidCDkudyLR5Cbm16RR6iXNVxhPlEAZfnWab:A6Xi/vUQudE3CCkwiXhLHZ/bb

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.gkas.com.tr
Port:
587
Username:
[email protected]
Password:
Gkasteknik@2022

Targets

- Target
  
  hesaphareketi-01.exe
- Size
  
  514KB
- MD5
  
  df9d5f4dd7b35e1288a6a0e07a98062f
- SHA1
  
  5b020e8de129627a692a4ef05037a5f9ce5b325f
- SHA256
  
  a84acc5fbe08df8a0f7439ee0b595b43c7ddaaac6c4b9927932807fb69294b14
- SHA512
  
  a075f1769d7ac5002f6ce44b40f3145ebb678030482dbe41d20a524fc8820e8ee68ecf471a1414e169aa5b30a750df9bed9f9e5db45150939c5bf0ac6e9026de
- SSDEEP
  
  12288:w8K69yqL+/jcidCDkudyLR5Cbm16RR6iXNVxhPlEAZfnWab:A6Xi/vUQudE3CCkwiXhLHZ/bb
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2