snakekeylogger | 66b7c995ee00cdd1f2d9d75a8edfb6857f392d212116ff7b8a64e79d273655e8 | Triage

Submit
Reports

Overview

overview

Static

static

3

c065acd3ce...41.exe

windows7-x64

3

c065acd3ce...41.exe

windows10-2004-x64

Sharing

General

Target

c065acd3ce1ea7f83940aa11836e0d41
Size

487KB
Sample

231220-rcd5paghd2
MD5

c065acd3ce1ea7f83940aa11836e0d41
SHA1

16d7757b1e94c4eaaf3e73ae18265d9744c32358
SHA256

66b7c995ee00cdd1f2d9d75a8edfb6857f392d212116ff7b8a64e79d273655e8
SHA512

26f850b7171a117add93c4ab3845de5d4ff214d8bbc618eaca22f310c2d85060ffcd0f806b00c13c1d407b1333a88ab67692d828815b2dff830bf771b4be1d11
SSDEEP

12288:yqIof1TdNZnoHEDEhAGprOESOZy9NDN8wk:lIopkHEDEhfprOEhZip8wk

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c065acd3ce1ea7f83940aa11836e0d41.exe

Resource

win7-20231215-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

c065acd3ce1ea7f83940aa11836e0d41.exe

Resource

win10v2004-20231215-en

snakekeylogger keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.vivaldi.net
Port:
587
Username:
[email protected]
Password:
1Endurance1234
Email To:
[email protected]

Targets

- Target
  
  c065acd3ce1ea7f83940aa11836e0d41
- Size
  
  487KB
- MD5
  
  c065acd3ce1ea7f83940aa11836e0d41
- SHA1
  
  16d7757b1e94c4eaaf3e73ae18265d9744c32358
- SHA256
  
  66b7c995ee00cdd1f2d9d75a8edfb6857f392d212116ff7b8a64e79d273655e8
- SHA512
  
  26f850b7171a117add93c4ab3845de5d4ff214d8bbc618eaca22f310c2d85060ffcd0f806b00c13c1d407b1333a88ab67692d828815b2dff830bf771b4be1d11
- SSDEEP
  
  12288:yqIof1TdNZnoHEDEhAGprOESOZy9NDN8wk:lIopkHEDEhfprOEhZip8wk
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy