snakekeylogger | 99ff5837aae48213e7a715a46e880fafa35979316a08b9e17b604ef68296c436 | Triage

Submit
Reports

Overview

overview

Static

static

3

New Po No ...23.exe

windows7-x64

New Po No ...23.exe

windows10-2004-x64

Sharing

General

Target

99ff5837aae48213e7a715a46e880fafa35979316a08b9e17b604ef68296c436
Size

533KB
Sample

231128-m622dshd46
MD5

51a38484d620a91ff2953e059e25a66c
SHA1

2ff479f1d3ad6ec7c68c1749e464541453d616d4
SHA256

99ff5837aae48213e7a715a46e880fafa35979316a08b9e17b604ef68296c436
SHA512

303930ae92a5fdcdfb05f43fe50adeedc8c859840186eba4f4e347b0d47d17a04eaa0e7dcbac1689c9feeaed59f81087999dfacfeb5cca4546f96e273752a263
SSDEEP

12288:WEDYh2TDvSKzQY6FFz/zvJYGpPkd9vUnzEYWejMDfR8nY6+86qLPo4:RDYhkDvxQFzRJkd96ztWbZ8YeLV

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New Po No AB 0571123.exe

Resource

win7-20231020-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

New Po No AB 0571123.exe

Resource

win10v2004-20231127-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.belt-tech.com.my
Port:
587
Username:
[email protected]
Password:
Beltechpg@1234
Email To:
[email protected]

Targets

- Target
  
  New Po No AB 0571123.exe
- Size
  
  577KB
- MD5
  
  a4fa700148049299a5800d542d2691d2
- SHA1
  
  e1d5d567763ea8586b8d318de20d545ad97d98f6
- SHA256
  
  f2fd94a4807a949f3a53c1c0bf922d724d3fa0aa9e5a9dd834edbc9187597b84
- SHA512
  
  faae5801f98ae1fa93a3695be94eef69a2740bd40955e46dbc395588527fb17bc0ce773dcdb7adb8d5fc0cb01ab7eda7c746f64d16b9041da4e80c30011b5a9b
- SSDEEP
  
  12288:fED71TllYmtlNXItdKTtQ9maIMKlcViQmbCpk:fEDhTllLlRRJQ9LXq
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy