snakekeylogger | 29c437be7e4d6f26b23db2e849acdc4c5d19bf8d7ad5ce0c49538857224805db

General

Target

29c437be7e4d6f26b23db2e849acdc4c5d19bf8d7ad5ce0c49538857224805db
Size

344KB
Sample

231226-vak21aeee9
MD5

ec448fc8275a57a2d76f8c6c6e7523f0
SHA1

d51667d428329d446a0f81d72ede39e34ee6142c
SHA256

29c437be7e4d6f26b23db2e849acdc4c5d19bf8d7ad5ce0c49538857224805db
SHA512

b71f5fbea3cceb05477d20f5494d000ccf8b6ee30e2f0b46af6fd60e034db25730737f9c2baf620273cec63ab681f9f0349a3bde1ead67eb1f2817fba6629d07
SSDEEP

6144:waFQyV7h07Pg7sRchpr8zIpRkiv78+r3JKmQHhSZNgM72AAywwdVEnxIG:B1l0k8UVKIpNv7lJh4hqfBA8dVEnx7

Score

10^/10

Malware Config

Targets

- Target
  
  mv Sider Capri Particulars.exe
- Size
  
  432KB
- MD5
  
  791d56774e02ea0ab8fe059c85cc2ebd
- SHA1
  
  b9bc54f8cc756e694a9e986416ff69da390eba65
- SHA256
  
  504b7897b009fab8381a73f6298317e2d5245a98b2a27530e66233f682671c45
- SHA512
  
  b404955b6f0195397f796c7c51409e71d6040b36a8c5e37f8f8c710f249be828d95a13d49a62d1f84ae7febe77290fa87ad1c14ee977bac7713cb8e972e404d3
- SSDEEP
  
  12288:E2t+axyVJLzNnZa693JxwTIAqf2HQGZwLs41:vwVJLzNno695x+I32XbQ
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Drops startup file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Snake Keylogger

Snake Keylogger payload

Drops startup file

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2