snakekeylogger | 486032726bf8f655211586986bdc0e49f0149c0a85cfaebf1ff8c28e0587bc85 | Triage

Submit
Reports

Overview

overview

Static

static

3

115f6d94f2...0d.exe

windows7-x64

115f6d94f2...0d.exe

windows10-2004-x64

Sharing

General

Target

115f6d94f2fd77eda6b81780e8051f0d
Size

665KB
Sample

231224-zeeg8sdbd8
MD5

115f6d94f2fd77eda6b81780e8051f0d
SHA1

984bc609ef9c5da154a3d442051f3a9a0725ee23
SHA256

486032726bf8f655211586986bdc0e49f0149c0a85cfaebf1ff8c28e0587bc85
SHA512

f4c00cbc727885c482a752322844775fcbf854c1607966654307e9c9077060689050a5326bbacee278c4e04024a29f945a5622384c788d9f4f65a50f4ad035b3
SSDEEP

12288:tCtQvsls8COsBgo0q4wM90bVCW1VaZ3YDeoyi8hJHf5gCyKtytmLa:tCtQvwCOsBgo0q4wMSb31VaVUDyiAKCc

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

115f6d94f2fd77eda6b81780e8051f0d.exe

Resource

win7-20231215-en

snakekeylogger keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

115f6d94f2fd77eda6b81780e8051f0d.exe

Resource

win10v2004-20231215-en

snakekeylogger keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
Chukwudim28@
Email To:
[email protected]

Targets

- Target
  
  115f6d94f2fd77eda6b81780e8051f0d
- Size
  
  665KB
- MD5
  
  115f6d94f2fd77eda6b81780e8051f0d
- SHA1
  
  984bc609ef9c5da154a3d442051f3a9a0725ee23
- SHA256
  
  486032726bf8f655211586986bdc0e49f0149c0a85cfaebf1ff8c28e0587bc85
- SHA512
  
  f4c00cbc727885c482a752322844775fcbf854c1607966654307e9c9077060689050a5326bbacee278c4e04024a29f945a5622384c788d9f4f65a50f4ad035b3
- SSDEEP
  
  12288:tCtQvsls8COsBgo0q4wM90bVCW1VaZ3YDeoyi8hJHf5gCyKtytmLa:tCtQvwCOsBgo0q4wMSb31VaVUDyiAKCc
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy