snakekeylogger | 02cb785366112aa7f83df7363d3fcf17fe704f1a4938821cd1ea3fa9fce8a701 | Triage

Submit
Reports

Overview

overview

Static

static

3

e07f355829...62.exe

windows7-x64

e07f355829...62.exe

windows10-2004-x64

Sharing

General

Target

e07f355829788140870b101e94625d62
Size

625KB
Sample

240327-ccx58scg8x
MD5

e07f355829788140870b101e94625d62
SHA1

9e22399bbe6232f63d59430ba9c5214b30a1a83f
SHA256

02cb785366112aa7f83df7363d3fcf17fe704f1a4938821cd1ea3fa9fce8a701
SHA512

4ee66ac7900c5d6fa4ca3a7d786c05ad8a0b35e1fd9fc622c9fdc059b27371b1f3321b17497d582ea199f47c94749a96d8a21b7398e94fa7d3dfec78dd2a47ee
SSDEEP

12288:fean0/aOXQ1+PPp8Nyn54A6MP09T9pDEOnbJvubEt5nm1:feN/aBCp/d89T8Gb1y+g

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e07f355829788140870b101e94625d62.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e07f355829788140870b101e94625d62.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
jBgPrcvY6
Email To:
[email protected]

Targets

- Target
  
  e07f355829788140870b101e94625d62
- Size
  
  625KB
- MD5
  
  e07f355829788140870b101e94625d62
- SHA1
  
  9e22399bbe6232f63d59430ba9c5214b30a1a83f
- SHA256
  
  02cb785366112aa7f83df7363d3fcf17fe704f1a4938821cd1ea3fa9fce8a701
- SHA512
  
  4ee66ac7900c5d6fa4ca3a7d786c05ad8a0b35e1fd9fc622c9fdc059b27371b1f3321b17497d582ea199f47c94749a96d8a21b7398e94fa7d3dfec78dd2a47ee
- SSDEEP
  
  12288:fean0/aOXQ1+PPp8Nyn54A6MP09T9pDEOnbJvubEt5nm1:feN/aBCp/d89T8Gb1y+g
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy