snakekeylogger | 43b81452ba3a471f0b239dac8bdbf3a2b59cfe35330626ae5a362ecece07fbad | Triage

Submit
Reports

Overview

overview

Static

static

3

Products List.exe

windows7-x64

Products List.exe

windows10-2004-x64

Sharing

General

Target

Products List.exe
Size

502KB
Sample

231127-mjtfqsfh6y
MD5

23774a05b01b50041d854d27c78edf3f
SHA1

f3bef4db75331bfc451737cbc34f8a1b882c3a66
SHA256

43b81452ba3a471f0b239dac8bdbf3a2b59cfe35330626ae5a362ecece07fbad
SHA512

49875538e7c40b04e39c728d884583b869852f708cc6ff4662b1110a156ba7d6ffc95cf942f43ec0c112af1acf5ef29eae22b88f8629f563f365394ede0bf2c8
SSDEEP

12288:uH72CH8/BgWzP86/3wYkYgmic8H6pj4JELWlDDLNaqxw:y8ZNv3mYgmzpEJcwDvN3w

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Products List.exe

Resource

win7-20231023-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Products List.exe

Resource

win10v2004-20231020-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.belt-tech.com.my
Port:
587
Username:
[email protected]
Password:
Beltechpg@1234
Email To:
[email protected]

Targets

- Target
  
  Products List.exe
- Size
  
  502KB
- MD5
  
  23774a05b01b50041d854d27c78edf3f
- SHA1
  
  f3bef4db75331bfc451737cbc34f8a1b882c3a66
- SHA256
  
  43b81452ba3a471f0b239dac8bdbf3a2b59cfe35330626ae5a362ecece07fbad
- SHA512
  
  49875538e7c40b04e39c728d884583b869852f708cc6ff4662b1110a156ba7d6ffc95cf942f43ec0c112af1acf5ef29eae22b88f8629f563f365394ede0bf2c8
- SSDEEP
  
  12288:uH72CH8/BgWzP86/3wYkYgmic8H6pj4JELWlDDLNaqxw:y8ZNv3mYgmzpEJcwDvN3w
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy