snakekeylogger | c7c0a22744179c319910d7c9508866ebfc6d35beeee844b8462bab9c04af4b19 | Triage

Submit
Reports

Overview

overview

Static

static

3

05.12.2023...ls.exe

windows7-x64

05.12.2023...ls.exe

windows10-2004-x64

Sharing

General

Target

05.12.2023_tahsil_senedi_bilgileri.xls.exe
Size

681KB
Sample

231205-hvcj5saa32
MD5

3270695f929b3f2499f9f56d76c9b08f
SHA1

32e75a939b0ae09a898339004afa4bbeb3ce6d68
SHA256

c7c0a22744179c319910d7c9508866ebfc6d35beeee844b8462bab9c04af4b19
SHA512

23360736cdda1b3cd4cf07046936f512d3ab9c50c47422f1e7d3e689ad5143ef450ea8b3f0660c38a892c6191023b16b731c559ed11b3104e74b60f8986110f5
SSDEEP

12288:Xy7KE6jD/62iNG5nF8rmi9VEsqhzUoo3j3D829wV1wIctP/T:X6KtD/61IGzEsGInjwV1wFtX

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

05.12.2023_tahsil_senedi_bilgileri.xls.exe

Resource

win7-20231201-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

05.12.2023_tahsil_senedi_bilgileri.xls.exe

Resource

win10v2004-20231130-en

snakekeylogger keylogger stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.ozakaluminyum.com
Port:
587
Username:
[email protected]
Password:
ETKghx*c3KoQ

Targets

- Target
  
  05.12.2023_tahsil_senedi_bilgileri.xls.exe
- Size
  
  681KB
- MD5
  
  3270695f929b3f2499f9f56d76c9b08f
- SHA1
  
  32e75a939b0ae09a898339004afa4bbeb3ce6d68
- SHA256
  
  c7c0a22744179c319910d7c9508866ebfc6d35beeee844b8462bab9c04af4b19
- SHA512
  
  23360736cdda1b3cd4cf07046936f512d3ab9c50c47422f1e7d3e689ad5143ef450ea8b3f0660c38a892c6191023b16b731c559ed11b3104e74b60f8986110f5
- SSDEEP
  
  12288:Xy7KE6jD/62iNG5nF8rmi9VEsqhzUoo3j3D829wV1wIctP/T:X6KtD/61IGzEsGInjwV1wFtX
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy