snakekeylogger | d3731523378b28ee05796acb58b58f60f9f6021e239189acb06907abe5d008cb

General

Target

d3731523378b28ee05796acb58b58f60f9f6021e239189acb06907abe5d008cb.exe
Size

464KB
Sample

240307-dkk2badf96
MD5

1f7ac06f56077381b5097cde5c4cab87
SHA1

5738220c5460de988a1b30a3a9532fd226d9d3b8
SHA256

d3731523378b28ee05796acb58b58f60f9f6021e239189acb06907abe5d008cb
SHA512

2426d1466ec06f3e67e3fdf7f01eb79cc11e46711e955e73a28d43dc5452881bfbd62d189c082d6b6224b58ab9f51a723d58688883c61ee7703cfcfeed0f2f3f
SSDEEP

12288:vCXFQTAajA6n1tiGSZ4EidlIw8mfcMAAAAAAAAAAMA5AAAAAAAAAAAAAAAAAAAAP:vqFQTAajA4fo4EiIw8ccMAAAAAAAAAAd

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
instalacionestasende.com
Port:
25
Username:
[email protected]
Password:
VzX79@6v
Email To:
[email protected]

Targets

- Target
  
  d3731523378b28ee05796acb58b58f60f9f6021e239189acb06907abe5d008cb.exe
- Size
  
  464KB
- MD5
  
  1f7ac06f56077381b5097cde5c4cab87
- SHA1
  
  5738220c5460de988a1b30a3a9532fd226d9d3b8
- SHA256
  
  d3731523378b28ee05796acb58b58f60f9f6021e239189acb06907abe5d008cb
- SHA512
  
  2426d1466ec06f3e67e3fdf7f01eb79cc11e46711e955e73a28d43dc5452881bfbd62d189c082d6b6224b58ab9f51a723d58688883c61ee7703cfcfeed0f2f3f
- SSDEEP
  
  12288:vCXFQTAajA6n1tiGSZ4EidlIw8mfcMAAAAAAAAAAMA5AAAAAAAAAAAAAAAAAAAAP:vqFQTAajA4fo4EiIw8ccMAAAAAAAAAAd
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables with potential process hoocking
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables referencing many email and collaboration clients. Observed in information stealers

Detects executables with potential process hoocking

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2