snakekeylogger | e7757fdf8b8e6b584cab959c54383e10065ba2aceb5dd653dd0566d4cbce1ec8

General

Target

Vessel Particulars.exe
Size

696KB
Sample

240221-lglgnsdf61
MD5

c4218b58d2302e31d13f88661f66c64b
SHA1

169b29b77b3e30db3a883762159b45856c421590
SHA256

e7757fdf8b8e6b584cab959c54383e10065ba2aceb5dd653dd0566d4cbce1ec8
SHA512

3de50ca942275f9ec40599691e06e6c0011a25199706f3dcab696158daefa6e627ffac4b0b777295d3dfb3fdb1137b274c81ae4cf04828db61c635894a2e4cf0
SSDEEP

12288:/k3jw7WkDA0CjZxYZ56i3ToFKlEsHj1Iiu+vht:M3jw7i0Cjc56YOK9vv

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
25
Username:
[email protected]
Password:
iU0Ta!$K8L51

Targets

- Target
  
  Vessel Particulars.exe
- Size
  
  696KB
- MD5
  
  c4218b58d2302e31d13f88661f66c64b
- SHA1
  
  169b29b77b3e30db3a883762159b45856c421590
- SHA256
  
  e7757fdf8b8e6b584cab959c54383e10065ba2aceb5dd653dd0566d4cbce1ec8
- SHA512
  
  3de50ca942275f9ec40599691e06e6c0011a25199706f3dcab696158daefa6e627ffac4b0b777295d3dfb3fdb1137b274c81ae4cf04828db61c635894a2e4cf0
- SSDEEP
  
  12288:/k3jw7WkDA0CjZxYZ56i3ToFKlEsHj1Iiu+vht:M3jw7i0Cjc56YOK9vv
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2