snakekeylogger | 98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86 | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.98c19...86.exe

windows7-x64

NEAS.98c19...86.exe

windows10-2004-x64

7

Sharing

General

Target

NEAS.98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86.exe
Size

332KB
Sample

231114-jpbakahf67
MD5

b5fbcda9d5577a1348fd66393e834c38
SHA1

de3a6bbabc63574238cdc3f78058fa752da31da0
SHA256

98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86
SHA512

bdd64acc3de80f6ca506639a989ca0dc5947e856913a7937ffd71726fed07f633c005ae70a3b53dc735d432ae78b67888870afa53e06e191c7f749fbf3ee8a53
SSDEEP

6144:JEasJm3yZ1bHuuywQ7sUeFb2KnZFsTxvULZYE2Odtyqd72fBQD:JEyHutZFG0YrOiqoW

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86.exe

Resource

win7-20231023-en

snakekeylogger keylogger stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.noscoegypt.com
Port:
465
Username:
[email protected]
Password:
j3w[Ok%-wW,@
Email To:
URL: mail.noscoegypt.com

C2

https://api.telegram.org/bot6812788177:AAGkIGRh-hqEtxCxIbq-Dbm2V68_RxIRo8c/sendMessage?chat_id=5007084465

Targets

- Target
  
  NEAS.98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86.exe
- Size
  
  332KB
- MD5
  
  b5fbcda9d5577a1348fd66393e834c38
- SHA1
  
  de3a6bbabc63574238cdc3f78058fa752da31da0
- SHA256
  
  98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86
- SHA512
  
  bdd64acc3de80f6ca506639a989ca0dc5947e856913a7937ffd71726fed07f633c005ae70a3b53dc735d432ae78b67888870afa53e06e191c7f749fbf3ee8a53
- SSDEEP
  
  6144:JEasJm3yZ1bHuuywQ7sUeFb2KnZFsTxvULZYE2Odtyqd72fBQD:JEyHutZFG0YrOiqoW
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy