snakekeylogger | 6bfde0abeab045d2ea80c8f46415b00ac74911b23a98b6e72d66ce7fafdec5d6 | Triage

Submit
Reports

Overview

overview

Static

static

3

69bf702d95...c1.exe

windows7-x64

69bf702d95...c1.exe

windows10-2004-x64

Sharing

General

Target

69bf702d9534362c01ef68fc6fab10c1
Size

324KB
Sample

231219-vzxr4afff6
MD5

69bf702d9534362c01ef68fc6fab10c1
SHA1

495644930cedd710c37bdc69c931b5333f147d41
SHA256

6bfde0abeab045d2ea80c8f46415b00ac74911b23a98b6e72d66ce7fafdec5d6
SHA512

00a1ff43107dd264168af64a924b0b3f9441d9c44ce3f530705c93b59933d8d7126613c23d039ed71f5f5cec5bb2fcf47add7f88241c94c52bb12917af479c22
SSDEEP

6144:b8LxBBXsxvRKsSNhaI8oS81aLE7IpB3P+G7W3yt2YjDvAw:ysxJKsSNknoSU4pB3GuvLAw

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

69bf702d9534362c01ef68fc6fab10c1.exe

Resource

win7-20231215-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

69bf702d9534362c01ef68fc6fab10c1.exe

Resource

win10v2004-20231215-en

snakekeylogger keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1816395306:AAE3ZBLYV2L9aT9mL8itL9vr3RP6nOz_B1o/sendMessage?chat_id=1368673464

Targets

- Target
  
  69bf702d9534362c01ef68fc6fab10c1
- Size
  
  324KB
- MD5
  
  69bf702d9534362c01ef68fc6fab10c1
- SHA1
  
  495644930cedd710c37bdc69c931b5333f147d41
- SHA256
  
  6bfde0abeab045d2ea80c8f46415b00ac74911b23a98b6e72d66ce7fafdec5d6
- SHA512
  
  00a1ff43107dd264168af64a924b0b3f9441d9c44ce3f530705c93b59933d8d7126613c23d039ed71f5f5cec5bb2fcf47add7f88241c94c52bb12917af479c22
- SSDEEP
  
  6144:b8LxBBXsxvRKsSNhaI8oS81aLE7IpB3P+G7W3yt2YjDvAw:ysxJKsSNknoSU4pB3GuvLAw
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy