snakekeylogger | 567da55c5a9f89c31cc2e2ca01d9b688f2cf2d9614d93413eb05246a10a626e1

General

Target

567da55c5a9f89c31cc2e2ca01d9b688f2cf2d9614d93413eb05246a10a626e1.exe
Size

374KB
Sample

231110-hqtmvsef77
MD5

015f92c031a3f47dc93b9410a156470b
SHA1

bd1ec48f94e2e79e30eed34e146a77e6dc5581f4
SHA256

567da55c5a9f89c31cc2e2ca01d9b688f2cf2d9614d93413eb05246a10a626e1
SHA512

6c378f61c06562915c21c66eaa2308626565eec7904e19f3a858ba648a192df4d06d9c8e1bd64f2c79a23560bed61d80bffcbf24ba518c894d7f9d7f2b5bcedc
SSDEEP

6144:DN7zMdPaeztFrgxaw2ZRZbGAZkMf7tZalavQoXEsYG65ug5hxxQg3NZLM:4ztFU2Z3GYkU7tZalavQwEHbkg3BjM

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.yandex.com
Port:
587
Username:
[email protected]
Password:
chijiokejackson121

C2

https://api.telegram.org/bot5206100572:AAFn3MxBuN0bjQhfY8y1ed9Iwi79LyIe75I/sendMessage?chat_id=2135869667

Targets

- Target
  
  567da55c5a9f89c31cc2e2ca01d9b688f2cf2d9614d93413eb05246a10a626e1.exe
- Size
  
  374KB
- MD5
  
  015f92c031a3f47dc93b9410a156470b
- SHA1
  
  bd1ec48f94e2e79e30eed34e146a77e6dc5581f4
- SHA256
  
  567da55c5a9f89c31cc2e2ca01d9b688f2cf2d9614d93413eb05246a10a626e1
- SHA512
  
  6c378f61c06562915c21c66eaa2308626565eec7904e19f3a858ba648a192df4d06d9c8e1bd64f2c79a23560bed61d80bffcbf24ba518c894d7f9d7f2b5bcedc
- SSDEEP
  
  6144:DN7zMdPaeztFrgxaw2ZRZbGAZkMf7tZalavQoXEsYG65ug5hxxQg3NZLM:4ztFU2Z3GYkU7tZalavQwEHbkg3BjM
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Drops startup file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Drops startup file

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2