snakekeylogger | e81ff60c955d9f232d4812a68ef4335f204be923d6aa75c5d309e8fe76eed1ed

General

Target

e81ff60c955d9f232d4812a68ef4335f204be923d6aa75c5d309e8fe76eed1ed.exe
Size

130KB
Sample

240409-c9w97sfg5w
MD5

eb9d9bc525bf2cfd5a566ff1939a65d8
SHA1

d1d9c33251db984f86a31033d94e365ff2787ad6
SHA256

e81ff60c955d9f232d4812a68ef4335f204be923d6aa75c5d309e8fe76eed1ed
SHA512

2a41f25fd63148ed2eb2e1b26ae2c889a09c93bcad8ad5ecdf1e7e8deeeceecc030d6a05c38bd520c49d68219721016e62f6d4dfb35407db8fc53b0264239335
SSDEEP

3072:AA1JAirk7zoewGuynWGMUdNL9blyFFAsQ2wvxLO4LygbY:1AirqzoP6Vd9bKv4L7b

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://scratchdreams.tk

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
EbxKZL@2

Targets

- Target
  
  e81ff60c955d9f232d4812a68ef4335f204be923d6aa75c5d309e8fe76eed1ed.exe
- Size
  
  130KB
- MD5
  
  eb9d9bc525bf2cfd5a566ff1939a65d8
- SHA1
  
  d1d9c33251db984f86a31033d94e365ff2787ad6
- SHA256
  
  e81ff60c955d9f232d4812a68ef4335f204be923d6aa75c5d309e8fe76eed1ed
- SHA512
  
  2a41f25fd63148ed2eb2e1b26ae2c889a09c93bcad8ad5ecdf1e7e8deeeceecc030d6a05c38bd520c49d68219721016e62f6d4dfb35407db8fc53b0264239335
- SSDEEP
  
  3072:AA1JAirk7zoewGuynWGMUdNL9blyFFAsQ2wvxLO4LygbY:1AirqzoP6Vd9bKv4L7b
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables with potential process hoocking
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables referencing many email and collaboration clients. Observed in information stealers

Detects executables with potential process hoocking

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2