snakekeylogger | 3087ad6676cc9169389d5dcbe9328099c9fb386a8e2c0ebaf2eae4c92924e692

General

Target

Halkbank_Ekstre_20231129_434343_4432123.pdf.exe
Size

578KB
Sample

231130-yr4gfshd8v
MD5

e774b25a7a8751c5725ed2ba1dede243
SHA1

71e7a04a9d9448d2da4c353642829edcc8fdcb67
SHA256

3087ad6676cc9169389d5dcbe9328099c9fb386a8e2c0ebaf2eae4c92924e692
SHA512

8d825a39760d2792b2b0a0403f781963167642e936e4b857c2c34144fe8c16b4b6fd7abb0c83c89999af5652c73151d39b9c45327fb75ffde866dc0f41aa5908
SSDEEP

12288:Tjqcopox437NBg4OChLjFg/r8tn2FLXNFT3xOg8cqWdE:Ze3Hg43hLBio2FLXNB3xOgQoE

Score

10^/10

Malware Config

Targets

- Target
  
  Halkbank_Ekstre_20231129_434343_4432123.pdf.exe
- Size
  
  578KB
- MD5
  
  e774b25a7a8751c5725ed2ba1dede243
- SHA1
  
  71e7a04a9d9448d2da4c353642829edcc8fdcb67
- SHA256
  
  3087ad6676cc9169389d5dcbe9328099c9fb386a8e2c0ebaf2eae4c92924e692
- SHA512
  
  8d825a39760d2792b2b0a0403f781963167642e936e4b857c2c34144fe8c16b4b6fd7abb0c83c89999af5652c73151d39b9c45327fb75ffde866dc0f41aa5908
- SSDEEP
  
  12288:Tjqcopox437NBg4OChLjFg/r8tn2FLXNFT3xOg8cqWdE:Ze3Hg43hLBio2FLXNB3xOgQoE
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2