snakekeylogger | 7bb173d6f12fefce48a6a3f2ec2d2e73bab1a1fc3c7a8f1fed35694a4053953f | Triage

Submit
Reports

Overview

overview

Static

static

3

49d00fbb78...3a.exe

windows7-x64

49d00fbb78...3a.exe

windows10-2004-x64

3

Sharing

General

Target

49d00fbb783d0a1f50039699bb9e0e3a
Size

600KB
Sample

231226-b1gmqabhcj
MD5

49d00fbb783d0a1f50039699bb9e0e3a
SHA1

d37b84415b0619497c7786e6d1db1883c071e0d3
SHA256

7bb173d6f12fefce48a6a3f2ec2d2e73bab1a1fc3c7a8f1fed35694a4053953f
SHA512

1b4a3cb9a632a4c91600f700a829f107608bffae26a1457fee8595bb74e3c7506586c607975b2802709a297af918c880b6c762ca1d628bc20d9ef9206f194448
SSDEEP

12288:lYiPU9nPU9aOZFH0PiDRs2OsBgo0q4wMD1cGXdr6m6sD9Whu0QaxIpbj2XYpOZ:lYARs2OsBgo0q4wMDedW9+Q7p1pq

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

49d00fbb783d0a1f50039699bb9e0e3a.exe

Resource

win7-20231215-en

snakekeylogger keylogger stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

49d00fbb783d0a1f50039699bb9e0e3a.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
xMdrSUH1
Email To:
[email protected]

Targets

- Target
  
  49d00fbb783d0a1f50039699bb9e0e3a
- Size
  
  600KB
- MD5
  
  49d00fbb783d0a1f50039699bb9e0e3a
- SHA1
  
  d37b84415b0619497c7786e6d1db1883c071e0d3
- SHA256
  
  7bb173d6f12fefce48a6a3f2ec2d2e73bab1a1fc3c7a8f1fed35694a4053953f
- SHA512
  
  1b4a3cb9a632a4c91600f700a829f107608bffae26a1457fee8595bb74e3c7506586c607975b2802709a297af918c880b6c762ca1d628bc20d9ef9206f194448
- SSDEEP
  
  12288:lYiPU9nPU9aOZFH0PiDRs2OsBgo0q4wMD1cGXdr6m6sD9Whu0QaxIpbj2XYpOZ:lYARs2OsBgo0q4wMDedW9+Q7p1pq
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy