snakekeylogger | f9123271679daa738822e490f6d71f27a8478ad773a2a60b261b31c3ecb72782 | Triage

Submit
Reports

Overview

overview

Static

static

3

1ef15ee78f...4f.exe

windows7-x64

1ef15ee78f...4f.exe

windows10-2004-x64

Sharing

General

Target

1ef15ee78f20dc055b39249c613a484f
Size

1008KB
Sample

231221-21j1ysgffj
MD5

1ef15ee78f20dc055b39249c613a484f
SHA1

16ab6442b5711eb54e54d36d780d0b18a0207f60
SHA256

f9123271679daa738822e490f6d71f27a8478ad773a2a60b261b31c3ecb72782
SHA512

8a6764785c60314c81ede797176d53211920bd037fa8d0f3f20758918f00a84ec757644039d5945ca4e6688a4bf7bc41f4a0aba146a5da7e0423825c192613d2
SSDEEP

24576:HHNiHXt734s2lrIrxT7ZhNlT7dkcOs/h/0S/:HtiHXtDImhX7ecOs/h/0S

Score

10^/10

snakekeylogger keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1ef15ee78f20dc055b39249c613a484f.exe

Resource

win7-20231215-en

snakekeylogger keylogger persistence stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

1ef15ee78f20dc055b39249c613a484f.exe

Resource

win10v2004-20231215-en

snakekeylogger keylogger persistence stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  1ef15ee78f20dc055b39249c613a484f
- Size
  
  1008KB
- MD5
  
  1ef15ee78f20dc055b39249c613a484f
- SHA1
  
  16ab6442b5711eb54e54d36d780d0b18a0207f60
- SHA256
  
  f9123271679daa738822e490f6d71f27a8478ad773a2a60b261b31c3ecb72782
- SHA512
  
  8a6764785c60314c81ede797176d53211920bd037fa8d0f3f20758918f00a84ec757644039d5945ca4e6688a4bf7bc41f4a0aba146a5da7e0423825c192613d2
- SSDEEP
  
  24576:HHNiHXt734s2lrIrxT7ZhNlT7dkcOs/h/0S/:HtiHXtDImhX7ecOs/h/0S
Score

10^/10

snakekeylogger keylogger persistence stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerpersistencestealer

behavioral2

snakekeyloggerkeyloggerpersistencestealer

© 2018-2024

Terms | Privacy