snakekeylogger | e3d9eaa19def39e08d449fa3a4e944681abf26e50c1afa3df043b90d18cac689 | Triage

Submit
Reports

Overview

overview

Static

static

3

SHD098656789000.exe

windows7-x64

SHD098656789000.exe

windows10-2004-x64

Sharing

General

Target

12042024_2035_12042024_SHD098656789000.pdf.uu
Size

39KB
Sample

240412-pssxnsdd9x
MD5

8be1bc384f57ad68f50027c6135e6da4
SHA1

bdd9d3e38236f01cd8361d6da43f6a8888beaa28
SHA256

e3d9eaa19def39e08d449fa3a4e944681abf26e50c1afa3df043b90d18cac689
SHA512

96cba8a8a13842639604a49c23c0ee8bbffc2e2cb0c8acc6ddca90a6484903fbc7dab2a6d63bfd5b9aea793843d27c1a7cd0c1c53acb6e635d9f572166086143
SSDEEP

768:wEKXhgkJHn+z5w4iWrQ8x93DNrbXutigfAWCyVQkoEiw1C1Kx/IWo/szOXmS48QE:wEK2kJHny+yQ8xdDNR4RONjw1Cc/Ix6a

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SHD098656789000.exe

Resource

win7-20240221-en

snakekeylogger collection keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

SHD098656789000.exe

Resource

win10v2004-20240226-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.daipro.com.mx
Port:
587
Username:
contabilidad@daipro.com.mx
Password:
DAIpro123**
Email To:
saleseuropower1@yandex.com

C2

https://scratchdreams.tk

Targets

- Target
  
  SHD098656789000.cmd
- Size
  
  96KB
- MD5
  
  457c95b461b3b1c468660483c62042dd
- SHA1
  
  a2eeb39b7032d0237001839296ef8034549eddf8
- SHA256
  
  ca8997fe1d8d8fc50a30c511b4cef998fc6dcc3e4547735c55808ad9e02bc588
- SHA512
  
  40ab2425547ff9b8440eb25ed10b66569c1cb10b0331e32e21126a7907fe68b52edeb73979e55645269dcd26010ad82cc55efa7fef72d54b3a530c9f41eb5853
- SSDEEP
  
  1536:liWQjfI3Uyqu9egnHl+HK6R9THt+8bqM8T1kLH:llQ4Tqu9egnHMKU9TWM8TYH
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy