snakekeylogger | 3d11da50a09634887b61468945a424c3e9104424071969b6dc72ca098bcb0c2b | Triage

Submit
Reports

Overview

overview

Static

static

3

23021205_4...DF.exe

windows7-x64

23021205_4...DF.exe

windows10-2004-x64

Sharing

General

Target

23021205_4534Documentation-PDF.exe
Size

758KB
Sample

231206-md8cpsdf78
MD5

8a9db3f90c433ec06a9c0c33d776123b
SHA1

6f61cbc021cc283af8bb9c42d468c4fe591f070f
SHA256

3d11da50a09634887b61468945a424c3e9104424071969b6dc72ca098bcb0c2b
SHA512

2e42b3878f6e46580f5e69fb7eb1c19deaf336ae09cbf8cd71243b9f7086c71aa842cc18933ead5efb000d71dcdac8dff425a0b03c4c31f4337087662817cffc
SSDEEP

12288:sX5nF8pREGHTbr1A1TQ3j0qGLHJars0KIgBHdCob89XDCl7yrBfJNo5sAD:emr6TQZJs0K5BHd3b89XDNs

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

23021205_4534Documentation-PDF.exe

Resource

win7-20231023-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

23021205_4534Documentation-PDF.exe

Resource

win10v2004-20231130-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  23021205_4534Documentation-PDF.exe
- Size
  
  758KB
- MD5
  
  8a9db3f90c433ec06a9c0c33d776123b
- SHA1
  
  6f61cbc021cc283af8bb9c42d468c4fe591f070f
- SHA256
  
  3d11da50a09634887b61468945a424c3e9104424071969b6dc72ca098bcb0c2b
- SHA512
  
  2e42b3878f6e46580f5e69fb7eb1c19deaf336ae09cbf8cd71243b9f7086c71aa842cc18933ead5efb000d71dcdac8dff425a0b03c4c31f4337087662817cffc
- SSDEEP
  
  12288:sX5nF8pREGHTbr1A1TQ3j0qGLHJars0KIgBHdCob89XDCl7yrBfJNo5sAD:emr6TQZJs0K5BHd3b89XDNs
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy