snakekeylogger | 50adf3d89dae3573c0ce2b3152cb50f5938e561e884657430752fcea2573eb8b | Triage

Submit
Reports

Overview

overview

Static

static

7

0f149fac93...5b.exe

windows7-x64

7

0f149fac93...5b.exe

windows10-2004-x64

Sharing

General

Target

0f149fac933a5eb6928c7c97e6272f2f3f5af71fcb93f9850a22b24a19d0755b.exe.zip
Size

288KB
Sample

231201-spvtmscc3y
MD5

51a1227a3501f02c01d1ab1b9408f786
SHA1

c3bebdc3d1f3abf07ed2aaacbff416f228c7e385
SHA256

50adf3d89dae3573c0ce2b3152cb50f5938e561e884657430752fcea2573eb8b
SHA512

fe9b64e05ed49664e857b19c1268d9d15a390a7b4b628d0a7b19b1ed011e4090372e940fc389c495d78ee2d7b43cc0a7211587875815142ed081cc91e2a67770
SSDEEP

6144:HA7+9yEXXZ5C62Ack1prOZahuGwV3dZaA20KSajqy+2FsDk9AsK1gN0Ctwa+:gZEXp5C+l3MaMGyIje2FGs2gNZtwa+

Score

10^/10

snakekeylogger keylogger link miner pdf stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0f149fac933a5eb6928c7c97e6272f2f3f5af71fcb93f9850a22b24a19d0755b.exe

Resource

win7-20231023-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f149fac933a5eb6928c7c97e6272f2f3f5af71fcb93f9850a22b24a19d0755b.exe

Resource

win10v2004-20231127-en

snakekeylogger keylogger link miner pdf stealer upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f149fac933a5eb6928c7c97e6272f2f3f5af71fcb93f9850a22b24a19d0755b.exe
- Size
  
  480KB
- MD5
  
  43a01a183b3a8ae84d610a0d32deadc1
- SHA1
  
  dafabf5c99f8e872dc97cfaef742d57102f598b4
- SHA256
  
  0f149fac933a5eb6928c7c97e6272f2f3f5af71fcb93f9850a22b24a19d0755b
- SHA512
  
  3c5133e25a7555b94450efc03c7cae7b605fdaa48f9d5c58f3d50bc0334d727fb6fe286c1fb9e2bdd4162b05f3dc0150ea2fadeeff8e3de98d313de5e05b13c8
- SSDEEP
  
  12288:H7RN1oI4HAZvbdimEhbV0HAFwpTpBU073FEggkUpRgCKP+:HP4AZzdimEh71gCKP+
Score

10^/10

upx snakekeylogger keylogger link miner pdf stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Detectes Phoenix Miner Payload
  miner
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggerkeyloggerlinkminerpdfstealerupx

© 2018-2024

Terms | Privacy