snakekeylogger | d75208f6e002bf7dcc1319971897886f0e6846d078adb97437953087311b1baf | Triage

Submit
Reports

Overview

overview

Static

static

3

73db5847e7...3f.exe

windows7-x64

73db5847e7...3f.exe

windows10-2004-x64

Sharing

General

Target

73db5847e79cecadd08090f46147223f
Size

1.2MB
Sample

231219-wt1ggadef9
MD5

73db5847e79cecadd08090f46147223f
SHA1

4605b0ec88569216858cb4c04a4fde80cf943354
SHA256

d75208f6e002bf7dcc1319971897886f0e6846d078adb97437953087311b1baf
SHA512

d4c2dc989069bb67b136f50d3740d9bc4554da40e212657877f022643a8eea6843ad7cb7cfe72116a66be7d55e0f9f03341b6934f0793aaa207dade660a58e60
SSDEEP

24576:BQ7JV/KtSZRsMeaXkscQ5uLHnNGjqWya5b9JkvwJ:OVxcQ5uvWya5bQg

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

73db5847e79cecadd08090f46147223f.exe

Resource

win7-20231215-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

73db5847e79cecadd08090f46147223f.exe

Resource

win10v2004-20231215-en

snakekeylogger keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.pishroparsian.com
Port:
587
Username:
[email protected]
Password:
Hassan@khani2
Email To:
[email protected]

C2

https://api.telegram.org/bot1328029504:AAGKFzQ1tJdWqJzQg7lW0DK-JgG0_8hFEEk/sendMessage?chat_id=1072388187

Targets

- Target
  
  73db5847e79cecadd08090f46147223f
- Size
  
  1.2MB
- MD5
  
  73db5847e79cecadd08090f46147223f
- SHA1
  
  4605b0ec88569216858cb4c04a4fde80cf943354
- SHA256
  
  d75208f6e002bf7dcc1319971897886f0e6846d078adb97437953087311b1baf
- SHA512
  
  d4c2dc989069bb67b136f50d3740d9bc4554da40e212657877f022643a8eea6843ad7cb7cfe72116a66be7d55e0f9f03341b6934f0793aaa207dade660a58e60
- SSDEEP
  
  24576:BQ7JV/KtSZRsMeaXkscQ5uLHnNGjqWya5b9JkvwJ:OVxcQ5uvWya5bQg
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy