snakekeylogger | 018a18c9bf06f85a05d2b55c89766a83e6da51ab3e653cd3e2a76e37d569d690

General

Target

14112023_2025_13112023_Hesap_Hareketleri_13112023.7z
Size

520KB
Sample

231114-plj17aba74
MD5

2df98e777673b669eb2f7da4522442e0
SHA1

5e252b8cb8fa0d759627ca139aff8509f054a176
SHA256

018a18c9bf06f85a05d2b55c89766a83e6da51ab3e653cd3e2a76e37d569d690
SHA512

4abf082824fc2ff0bc5db8ce35b28aadb0cf337b4d5b28c424b510a8b1b9b2d9ba32b62f5bfb4c81325a10c0a109eb08ec8be458a81d4a0fb9d32f2cf4689f0f
SSDEEP

12288:BR5Idmm2dP/E1yqnDQGBu1ean2LHXQMGuvFNtzLU22SHDd2czAJdNwDrWXz:MsPMoiw1ean2LSMZ2g2zADrWj

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.gkas.com.tr
Port:
587
Username:
[email protected]
Password:
Gkasteknik@2022

Targets

- Target
  
  Hesap_Hareketleri_13112023.exe
- Size
  
  635KB
- MD5
  
  e03443f35c0929b82184cc819f1d893e
- SHA1
  
  8aa0f351f283a54ccb7c35470c644bf2ae8c17c4
- SHA256
  
  621f3150df66056c73b465be0a703aa60905ce0d19d7cc08cdaa56efa3a19164
- SHA512
  
  08ca498709bface39ba314b411bf5654ff86cbf358120bc8779b86ea109dde9723a1833ca16f891fd45b1997178a51c19b46911e53a970715c54e4f680325bc2
- SSDEEP
  
  12288:aWOTNXc3DunBAFnScQzyq31Q1RuhvK0MLHmQMGuZTAtz9U2MvIDdBszAJdNw35iy:l3DuBqScteVhvK0MLddTMkBjA35
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2