snakekeylogger | b39bd1ae1083d02d4e5a1fcbf34399e5bd28cd3b2b2d9c9569f26143767feb14 | Triage

Submit
Reports

Overview

overview

Static

static

3

11f9cac2f8...b7.exe

windows7-x64

11f9cac2f8...b7.exe

windows10-2004-x64

Sharing

General

Target

11f9cac2f85d8bbf3f11eace2c7cfab7
Size

792KB
Sample

231225-kcxhpsbacj
MD5

11f9cac2f85d8bbf3f11eace2c7cfab7
SHA1

1befd0c0c655f178408021a8673abce558c0bf61
SHA256

b39bd1ae1083d02d4e5a1fcbf34399e5bd28cd3b2b2d9c9569f26143767feb14
SHA512

c9aecfd140f9eeeabe428083dc499afc9022a5caba66d1c8d0941aad20264a3109ec1e661b4040f9a4cf77158850f1ebd3ff923c9e0048edc0faa0bddfe43cf3
SSDEEP

24576:+gJJjCOsBgo0q4wMPCadKqDpDtWUFf3JaC6VPk06iDj:+MdDoHMPvdKqB3JL6FkU

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

11f9cac2f85d8bbf3f11eace2c7cfab7.exe

Resource

win7-20231129-en

snakekeylogger collection keylogger spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

11f9cac2f85d8bbf3f11eace2c7cfab7.exe

Resource

win10v2004-20231215-en

snakekeylogger keylogger stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
y)rZiXc(6
Email To:
[email protected]

Targets

- Target
  
  11f9cac2f85d8bbf3f11eace2c7cfab7
- Size
  
  792KB
- MD5
  
  11f9cac2f85d8bbf3f11eace2c7cfab7
- SHA1
  
  1befd0c0c655f178408021a8673abce558c0bf61
- SHA256
  
  b39bd1ae1083d02d4e5a1fcbf34399e5bd28cd3b2b2d9c9569f26143767feb14
- SHA512
  
  c9aecfd140f9eeeabe428083dc499afc9022a5caba66d1c8d0941aad20264a3109ec1e661b4040f9a4cf77158850f1ebd3ff923c9e0048edc0faa0bddfe43cf3
- SSDEEP
  
  24576:+gJJjCOsBgo0q4wMPCadKqDpDtWUFf3JaC6VPk06iDj:+MdDoHMPvdKqB3JL6FkU
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy