snakekeylogger | 6e47024e23846e53598fe383b22a61d66060d95013c57103763d1f923ef6a505 | Triage

Submit
Reports

Overview

overview

Static

static

3

10a3c3a3c3...e0.exe

windows7-x64

10a3c3a3c3...e0.exe

windows10-2004-x64

Sharing

General

Target

10a3c3a3c388b4bde384068720dca0e0
Size

316KB
Sample

231219-m888gsbfb2
MD5

10a3c3a3c388b4bde384068720dca0e0
SHA1

cdcfa097331476d5ee6e713923ac69bbe0f8448e
SHA256

6e47024e23846e53598fe383b22a61d66060d95013c57103763d1f923ef6a505
SHA512

c9b9d9e315867ffa3e7d6a7c88affa2fd16f9cb505b1b5bde0571f46952776d6932ae7474dd5d04a7b4e485e06c1dde7748ab6768e5e50a4635a307fa07fcac0
SSDEEP

6144:b8LxBqe6xl4nMSMntPbrmFhhDaNoM4T9ifQSJEhN60wXfICL6k+4Nxx:nZxlsMiFhWFQ9iJPxXfI9EF

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

10a3c3a3c388b4bde384068720dca0e0.exe

Resource

win7-20231129-en

snakekeylogger keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

10a3c3a3c388b4bde384068720dca0e0.exe

Resource

win10v2004-20231215-en

snakekeylogger keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1903200344:AAFlSm8e6hlfnObZcgLQazPYhmg0jo7ubTI/sendMessage?chat_id=1988673175

Targets

- Target
  
  10a3c3a3c388b4bde384068720dca0e0
- Size
  
  316KB
- MD5
  
  10a3c3a3c388b4bde384068720dca0e0
- SHA1
  
  cdcfa097331476d5ee6e713923ac69bbe0f8448e
- SHA256
  
  6e47024e23846e53598fe383b22a61d66060d95013c57103763d1f923ef6a505
- SHA512
  
  c9b9d9e315867ffa3e7d6a7c88affa2fd16f9cb505b1b5bde0571f46952776d6932ae7474dd5d04a7b4e485e06c1dde7748ab6768e5e50a4635a307fa07fcac0
- SSDEEP
  
  6144:b8LxBqe6xl4nMSMntPbrmFhhDaNoM4T9ifQSJEhN60wXfICL6k+4Nxx:nZxlsMiFhWFQ9iJPxXfI9EF
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy