snakekeylogger | 2be0b92232a70039a9ed0c89fa544958e3b71f148789dfd48926ddf765faab96

General

Target

797ce10340fed5abf8d79efca80f77dc.bin
Size

345KB
Sample

231221-crpseafcgn
MD5

7e9cf6c781a4c7d87fd7ab9f4f62650d
SHA1

7f3e22d3038a2606c0b4fa907dde2c29458dc112
SHA256

2be0b92232a70039a9ed0c89fa544958e3b71f148789dfd48926ddf765faab96
SHA512

765539bd7222b60d47367ab4f3c1147613e6bb2d9e61133813cff72cff5daa9e954fad874b210083440238f32cef8e8f11e947c079e07459c23c9d319988d04c
SSDEEP

6144:JFooP8OqcYC5ACFzGNGrYYp4V9O76+uxnPtLJElCRJzpDpaBTnDjrvEyBk6Zm/7U:JaO1xiMd2V9v+unVLgCRTtMTDjbEWkdy

Score

10^/10

Malware Config

Targets

- Target
  
  6e98c016708bac05bbed8e04532e37a7dc3ac9c607fa5fc8922a2b067dcf0fcd.exe
- Size
  
  461KB
- MD5
  
  797ce10340fed5abf8d79efca80f77dc
- SHA1
  
  15c35591e61de6a2a85212212b90e01f005e5a5f
- SHA256
  
  6e98c016708bac05bbed8e04532e37a7dc3ac9c607fa5fc8922a2b067dcf0fcd
- SHA512
  
  3e5948c7e557090a61b5240f37541108785ad6e89939f386cdb90e45be0e15d8dd8b9e2d1ad8144faf660c0ce6082f3e63797ea847bf12cd1ffab92af71d2734
- SSDEEP
  
  12288:IjgZm1QudhmkCbkibFWexzNA88csQHvPBn:2uud0PHbFJ+zrQHvPBn
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2