snakekeylogger | c0e3104c11d6bce0669614080be16f2a7c0dec575bced9174eac48b84f1b2271 | Triage

Submit
Reports

Overview

overview

Static

static

3

6c7b0d0545...59.exe

windows7-x64

6c7b0d0545...59.exe

windows10-2004-x64

Sharing

General

Target

c0e3104c11d6bce0669614080be16f2a7c0dec575bced9174eac48b84f1b2271
Size

345KB
Sample

240417-r6ctqacg58
MD5

2648d8be728b16c4f9b0120d751a8838
SHA1

13e6f9808a10b345842176a80ccaa8c69abd2522
SHA256

c0e3104c11d6bce0669614080be16f2a7c0dec575bced9174eac48b84f1b2271
SHA512

541b2531c6688c191293416add695f2c20c14179b0ee8712a50fb6ad3d611bfabca632c13fd71633a96c23f31fba1359810571b0e8b42887f9de64f6a509e598
SSDEEP

6144:deIEyyL3vS/OwOQzPkf9gycFuAQgrWrpCDs+/bg+ty2V4HhYeehL:dJEyyTq/FOrfSSU3zgdHFehL

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6c7b0d0545f5d55e896d26d244a411024cabbdb26c96744839e22c16a4495659.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c7b0d0545f5d55e896d26d244a411024cabbdb26c96744839e22c16a4495659.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  6c7b0d0545f5d55e896d26d244a411024cabbdb26c96744839e22c16a4495659.exe
- Size
  
  456KB
- MD5
  
  3f1e87cd3c3310b42cb8787ea8a89056
- SHA1
  
  06769fb29ef98f2cfb6a93929d3da8cb1ef7c193
- SHA256
  
  6c7b0d0545f5d55e896d26d244a411024cabbdb26c96744839e22c16a4495659
- SHA512
  
  e9070a1d68605006f40f873200bafcfdd0cfd5cd6cd127e9a0d93a157b7d84934d5c07b9a9df9580b46a504c9e2c32d49a197848a15d6af1e8c2d2d79d66ec81
- SSDEEP
  
  12288:J53M+dQj4IqNEyQCuz0cxsLirSH678+9tf:HM+KjPyQCuzVyLi2ByB
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy