snakekeylogger | 3f934d01d35a6ebc8f94dea5011411c63107b1be65bcea2be90275c845bb9b86 | Triage

Submit
Reports

Overview

overview

Static

static

3

letter of ...ts.exe

windows7-x64

letter of ...ts.exe

windows10-2004-x64

Sharing

General

Target

e0b91bf8c3208cf809b8320ae2bc6353
Size

1.8MB
Sample

240327-em7hrsfc9s
MD5

e0b91bf8c3208cf809b8320ae2bc6353
SHA1

1a49d869f20b1579345052b9135deff849e8cd4b
SHA256

3f934d01d35a6ebc8f94dea5011411c63107b1be65bcea2be90275c845bb9b86
SHA512

c6a449e86991fee3a5e0fc7661a41b685498bd09402608e759d766a971a064dc1b0397ccfa1ac819c0cfbcf6cf873e8739d8398e3107c11142ac4faabe579056
SSDEEP

24576:v5MI676DO9fx8Dgyfx8Dg9AW9/gOiEpvWnNwDZFSL:vt676858Dgy58DgPoO1BWnCZU

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

letter of ITB documents.exe

Resource

win7-20240220-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

letter of ITB documents.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.fireacoustics.com
Port:
587
Username:
[email protected]
Password:
_d:rzD~62Jxh
Email To:
[email protected]

Targets

- Target
  
  letter of ITB documents.exe
- Size
  
  1.2MB
- MD5
  
  bdacafc76193287481aacc058157b552
- SHA1
  
  3f07cd8af332cc05e0faffb4b3abc673c1dbae94
- SHA256
  
  ddc80f262bf86345a0be3981054a8bcc1b06635e948365ceeb159688afcb51ce
- SHA512
  
  17be9b28d5a2d96e9414b8178589e9e8d0ce159ded86043c1eff061afdd87972fedd3e8e6dcada6dc297706306ce3ee2a10bcd5a86be6bba097c916b125ae172
- SSDEEP
  
  24576:35MI676DO9fx8Dgyfx8Dg9AW9/gOiEpvWnNwDZFSL:3t676858Dgy58DgPoO1BWnCZU
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy