snakekeylogger | e04168c6b566f3616dc36ea8eae36fa4ca1fc2b11ce02ad2069beddbf7c17761

General

Target

fcbb18ac3efebbcbe42999b718ba2995.bin
Size

952KB
Sample

231221-d6l6haabh2
MD5

94a9758a6310f925a3f6457678053c56
SHA1

0720c6e4c8e467693b423d0fa21ac0eab84292f9
SHA256

e04168c6b566f3616dc36ea8eae36fa4ca1fc2b11ce02ad2069beddbf7c17761
SHA512

bfc140a0e92bd5d27ea01ae8d96c04a3eb963ad1bb7359d29c25c59093c738700c1f50581989509b32d6414f4a0b5fe4dbdd875597a4ae06cc5fa735a65b2553
SSDEEP

24576:j5bKynwUf6fjCs+8Ie2+M9+/LGu/tqb3RLkS3UtBER:FznVfqo8nQ+/yubSktBg

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
megatechcontrol.com
Port:
587
Username:
[email protected]
Password:
megatech1#

Targets

- Target
  
  1d16237ed75b507f03609ede9722fff429f9a7386c4c4408a9f47623d7a28b50.exe
- Size
  
  1.1MB
- MD5
  
  fcbb18ac3efebbcbe42999b718ba2995
- SHA1
  
  8771d111792d957cbf775c7eecd743be4b49d0a7
- SHA256
  
  1d16237ed75b507f03609ede9722fff429f9a7386c4c4408a9f47623d7a28b50
- SHA512
  
  84ee10f0f75694d3dfca2c67e2899cfc0b31ffb9cdfdd4b8666d8f68ab1acc9be6da02e354a14a070b51ea173b36030e492047df6a1d3f2f5bd1679f817a9cc1
- SSDEEP
  
  24576:mYrGdfC41+CruFtTRXispYjwLf1JxuAnHWsKjIo1zMh:FZ41+CraTRXikxJsAnHWsKso1zMh
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3

T1552

Credentials In Files

3

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2