Overview

overview

10

Static

static

3

e01abaa9e6...d8.exe

windows7-x64

10

e01abaa9e6...d8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2023 17:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e01abaa9e6305466b3a738296e3d2509519e181911d1ace2f2392e913b8418d8.exe

  • Size

    521KB

  • MD5

    791b1eedf60deb460c18adf14264f32e

  • SHA1

    46d899ffb3cfbeff5287b5513846000788c06ef4

  • SHA256

    e01abaa9e6305466b3a738296e3d2509519e181911d1ace2f2392e913b8418d8

  • SHA512

    af74aa87f0fa9e9ba377616970dbdcb44a76ceb2b5254726a226f7b82120290bc033626da125719f5fc4ed99babff7a14389845004988022968dbb44a903a4ac

  • SSDEEP

    12288:O/f40KiK9YmcZXy3zuyb9gxjDc4l8kK4ENzuC4K:i4CKYFkX9tEEN

Score
10/10
snakekeyloggercollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Signatures

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger
  • Snake Keylogger payload 1 IoCs
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e01abaa9e6305466b3a738296e3d2509519e181911d1ace2f2392e913b8418d8.exe
    "C:\Users\Admin\AppData\Local\Temp\e01abaa9e6305466b3a738296e3d2509519e181911d1ace2f2392e913b8418d8.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • outlook_office_path
    • outlook_win_path
    PID:2304

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2304-0-0x00000000752F0000-0x0000000075AA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2304-1-0x0000000000AE0000-0x0000000000B68000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2304-2-0x0000000005BB0000-0x0000000006154000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2304-3-0x0000000005530000-0x00000000055C2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2304-4-0x00000000056D0000-0x00000000056E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2304-5-0x0000000005600000-0x000000000560A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2304-6-0x0000000005770000-0x0000000005788000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2304-7-0x0000000005790000-0x0000000005796000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2304-8-0x0000000002E10000-0x0000000002E1A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2304-9-0x0000000006A60000-0x0000000006AC0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2304-10-0x000000000B4A0000-0x000000000B53C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2304-11-0x0000000006AC0000-0x0000000006AE6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2304-12-0x00000000752F0000-0x0000000075AA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2304-13-0x00000000056D0000-0x00000000056E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2304-14-0x0000000009190000-0x00000000091E0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2304-15-0x00000000093B0000-0x0000000009572000-memory.dmp

    Filesize

    1.8MB

    Download