snakekeylogger | 0d045dd310228dfe9b69eb26ee52a310442b8fda41bf42fe9a1c4eb09abd2e45 | Triage

Submit
Reports

Overview

overview

Static

static

3

504e1940bd...6d.exe

windows7-x64

504e1940bd...6d.exe

windows10-2004-x64

Sharing

General

Target

0d045dd310228dfe9b69eb26ee52a310442b8fda41bf42fe9a1c4eb09abd2e45
Size

495KB
Sample

240417-r8pw3aed4z
MD5

71c38d34855ef4f569ee54639fa013f3
SHA1

c119b66713ef8a7961be370ad62e3383ce705ad6
SHA256

0d045dd310228dfe9b69eb26ee52a310442b8fda41bf42fe9a1c4eb09abd2e45
SHA512

f3e8ce506bde2b0c7d09523287b3cae37c9da201acbc716d115536cbe8a4b12ecd7f407b2e452469009fbfe786bafd8abdd39ab8b7ef9012ce6a4442b2bcbc3d
SSDEEP

12288:oyL77j9Xy2xZF5LW1cDzQj52OLsbMcuygIYgx:3L7l/LiqDX3McC8

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

504e1940bd93e130262a7bd2b15fb622f178e2b533bfb5514ddc860ea164266d.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

504e1940bd93e130262a7bd2b15fb622f178e2b533bfb5514ddc860ea164266d.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.alualuminium.com.my
Port:
587
Username:
admin@alualuminium.com.my
Password:
U8G4S13#8Zk$
Email To:
ashref.majeed.ctl@gmail.com

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  504e1940bd93e130262a7bd2b15fb622f178e2b533bfb5514ddc860ea164266d.exe
- Size
  
  540KB
- MD5
  
  238b899ad206afc5ec899f46b9470430
- SHA1
  
  3ca07d8621a97a15fbc2ac4c93c8bccce514274a
- SHA256
  
  504e1940bd93e130262a7bd2b15fb622f178e2b533bfb5514ddc860ea164266d
- SHA512
  
  891041de24daef90ad7e5468fe059a41a52e1862bf390a0f0cbb50b082bfc90742b9c51072e833fbaf167f9315b2f55118f2cebb08af58890e4beba00b3eed5f
- SSDEEP
  
  12288:7iCx6cbYvWgWJnJW8RHYdoCeesLRUR47DJ:A4aWr1JXHY6ysLG67F
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy