snakekeylogger | 92f582920e73361b9cc4467e3aacc1c4159b6b337ac7d07f9e085968c2af1be0

General

Target

9f061ed14a6be403487e1d5d9f57c1c7.bin
Size

442KB
Sample

231105-c81agabh34
MD5

500ba67f1b89397c417a360ceb7d428c
SHA1

f5a954de789ad3dca2c79e1044fae03363ee055d
SHA256

92f582920e73361b9cc4467e3aacc1c4159b6b337ac7d07f9e085968c2af1be0
SHA512

0d69bd82556e3f7851507df8cb15b569ecff1020ad45d6053a4471649ebf09dd8453f1f29d25e9ea3278c02c98a7b88ecf17b337be9de7dea222fa95a20beca6
SSDEEP

12288:r5Vq8D+1kL6f3v21C29VIZPORek/To1eoJD8fhpTt:FYBv2o2gZPy/U1eQQZpTt

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.alualuminium.com.my
Port:
587
Username:
[email protected]
Password:
U8G4S13#8Zk$
Email To:
[email protected]

Targets

- Target
  
  8518ccc749c3934b1ce840e708d97659b02f1ba717205789d869dbb49103f5ce.exe
- Size
  
  1.1MB
- MD5
  
  9f061ed14a6be403487e1d5d9f57c1c7
- SHA1
  
  14b8bb53f104da83ac047a2133b3c16b1c417ae6
- SHA256
  
  8518ccc749c3934b1ce840e708d97659b02f1ba717205789d869dbb49103f5ce
- SHA512
  
  9af07665a41a5babc582a8b45f02068e7f198ed93edf32c2721448b84fc92c6ee2b1844694079a3d335e5222df27666e4b6ae5f9b6e2725923ad92f8ab94e9e2
- SSDEEP
  
  24576:ktfo6PTetbba1C/Ll3HoyhLLGmkB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgk:Uo0etbba1C/Ll3HxHRpAuserKvpAuJMO
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2