snakekeylogger | 1b9364fda00fef904d7bf2ed18cb60fdcabc78b9b1b586c826752603b3756658 | Triage

Submit
Reports

Overview

overview

Static

static

3

d85b912c51...8c.exe

windows7-x64

d85b912c51...8c.exe

windows10-2004-x64

Sharing

General

Target

1b9364fda00fef904d7bf2ed18cb60fdcabc78b9b1b586c826752603b3756658
Size

367KB
Sample

240417-r9atjaed7z
MD5

45e75b53fbed9938a1b9ea8b80653ace
SHA1

9323da48a757b9b5e5c6fbf533f7a31758b42f26
SHA256

1b9364fda00fef904d7bf2ed18cb60fdcabc78b9b1b586c826752603b3756658
SHA512

22d74470d0ab582ff906a2fe3fa9a255300b11d611fa6e3c7604eb94c315520bab9f23fad2838a61efaa0666ff60f521945483d3429dd0359a0b34431d3ef1f2
SSDEEP

6144:PHHZj8LqLFbjFLt8DLuYpPtEOg7ndrkE2jCp6JC5Da/0dvExcaDc4k+GBQ9:PHHhLnLt8DL98zdz2jghJaM1WbDHT

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d85b912c5171741966d6c8238db04de39b56ed1b696ccf7a32400d34cd29338c.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d85b912c5171741966d6c8238db04de39b56ed1b696ccf7a32400d34cd29338c.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  d85b912c5171741966d6c8238db04de39b56ed1b696ccf7a32400d34cd29338c.exe
- Size
  
  492KB
- MD5
  
  eed3180705c584f83fce43b5a89a4d95
- SHA1
  
  7b49f051d5bab815ee88748368fb06ad07ba70a7
- SHA256
  
  d85b912c5171741966d6c8238db04de39b56ed1b696ccf7a32400d34cd29338c
- SHA512
  
  3b35e07a6d117700725d1569079eb44dc1fb98189d2fae55b2d9797a29365ef36fe794184561eb429fd0737fabbc2e8a282430a22725558ec7424cbfe06e878e
- SSDEEP
  
  12288:l/ipq9IbMmP2qXTeyOnTYBbsAOvrYfQ6:l/BgMm+qDebGZouQ6
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy