snakekeylogger | c839949bc2ef0120313e192d7d13d39fae8fbf993edf477ca2aa074f745709ec

General

Target

aedd4f72fbf47730d604f6923ece737d.bin
Size

299KB
Sample

231107-yxcwpafd7w
MD5

aedd4f72fbf47730d604f6923ece737d
SHA1

56d94fa9ede964901532f9abe2e9a9badc55e48d
SHA256

c839949bc2ef0120313e192d7d13d39fae8fbf993edf477ca2aa074f745709ec
SHA512

528115da6ae5567ac7033390a903f23725af1f7f440fac6d4a11226a72f5355578d5bf7bd516f180fc8eb8a59eb6fe463dc1c655a56d5806b348bc71352c40ab
SSDEEP

6144:E7i7/EQGESYXT5hbq/Rqr2Z9rv6il5R17+y+NzKJx6vZy9Gy0:E7Aj3q/koyilR+ykoGy0

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.yandex.com
Port:
587
Username:
[email protected]
Password:
chijiokejackson121

C2

https://api.telegram.org/bot5206100572:AAFn3MxBuN0bjQhfY8y1ed9Iwi79LyIe75I/sendMessage?chat_id=2135869667

Targets

- Target
  
  Vessels details.exe
- Size
  
  374KB
- MD5
  
  015f92c031a3f47dc93b9410a156470b
- SHA1
  
  bd1ec48f94e2e79e30eed34e146a77e6dc5581f4
- SHA256
  
  567da55c5a9f89c31cc2e2ca01d9b688f2cf2d9614d93413eb05246a10a626e1
- SHA512
  
  6c378f61c06562915c21c66eaa2308626565eec7904e19f3a858ba648a192df4d06d9c8e1bd64f2c79a23560bed61d80bffcbf24ba518c894d7f9d7f2b5bcedc
- SSDEEP
  
  6144:DN7zMdPaeztFrgxaw2ZRZbGAZkMf7tZalavQoXEsYG65ug5hxxQg3NZLM:4ztFU2Z3GYkU7tZalavQwEHbkg3BjM
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Drops startup file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Drops startup file

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2