snakekeylogger | 5abec5e92048d2cf64785ed4a873acc4fd88be7d361e47b5508753bd43eeafb2 | Triage

Submit
Reports

Overview

overview

Static

static

3

2d472944cc...2c.exe

windows7-x64

9

2d472944cc...2c.exe

windows10-2004-x64

Sharing

General

Target

2d472944cce2a1a6664c29336004f22c
Size

998KB
Sample

231225-tzwdlafegm
MD5

2d472944cce2a1a6664c29336004f22c
SHA1

2d88407509c184f6ea85f81910f4c81dc118499b
SHA256

5abec5e92048d2cf64785ed4a873acc4fd88be7d361e47b5508753bd43eeafb2
SHA512

b4d24ccd5a345fbcd845b7cb4176bb23e5bc42a8e1e4302ba7d2a4c67864ff7e266351e3910ba32eb4799159e3c35d7465cb4fa6fe4324255b82bed377f21cf1
SSDEEP

24576:JoFGjUhRm/dFgaK64E3MyOvAcamEe/aNF0ZoR:CFk69aK6443OYO0Noc

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2d472944cce2a1a6664c29336004f22c.exe

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

2d472944cce2a1a6664c29336004f22c.exe

Resource

win10v2004-20231215-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
25
Username:
[email protected]
Password:
BkKMmzZ1
Email To:
[email protected]

Targets

- Target
  
  2d472944cce2a1a6664c29336004f22c
- Size
  
  998KB
- MD5
  
  2d472944cce2a1a6664c29336004f22c
- SHA1
  
  2d88407509c184f6ea85f81910f4c81dc118499b
- SHA256
  
  5abec5e92048d2cf64785ed4a873acc4fd88be7d361e47b5508753bd43eeafb2
- SHA512
  
  b4d24ccd5a345fbcd845b7cb4176bb23e5bc42a8e1e4302ba7d2a4c67864ff7e266351e3910ba32eb4799159e3c35d7465cb4fa6fe4324255b82bed377f21cf1
- SSDEEP
  
  24576:JoFGjUhRm/dFgaK64E3MyOvAcamEe/aNF0ZoR:CFk69aK6443OYO0Noc
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy