snakekeylogger | 2339e6e1cedb9d0fa09a0322d56c1d6bc2451a27bdadbd3ce16d58dae4825d21 | Triage

Submit
Reports

Overview

overview

Static

static

3

b8410c46b6...db.exe

windows7-x64

b8410c46b6...db.exe

windows10-2004-x64

Sharing

General

Target

2339e6e1cedb9d0fa09a0322d56c1d6bc2451a27bdadbd3ce16d58dae4825d21
Size

344KB
Sample

240417-r9nemaed9z
MD5

9c333210ce94e82031d035fee7147843
SHA1

18635407565c40a88d80d065eba84f31fd06e658
SHA256

2339e6e1cedb9d0fa09a0322d56c1d6bc2451a27bdadbd3ce16d58dae4825d21
SHA512

1213e6f5dd435610593cf43a7fe3889dd66144867adcc35b8e9cbfb729aa2d37326aaefd3abbee1a43aedbc4a0c29b32b99dbb2b0ea57e2ac2056a0417443874
SSDEEP

6144:hsrKN28GjFAIzL3y88d+mj6ovyu/k3/5AlN+52jqqHwNwS1k0N21A5Cgpi:vN28pIL3Z80I6oK2XwkQmmTN21A5Cg8

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b8410c46b62f3f4fa0255c4fa37c4899f2fa7ee69883d35bd178e629e2db24db.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

b8410c46b62f3f4fa0255c4fa37c4899f2fa7ee69883d35bd178e629e2db24db.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  b8410c46b62f3f4fa0255c4fa37c4899f2fa7ee69883d35bd178e629e2db24db.exe
- Size
  
  430KB
- MD5
  
  26f04ab3380bd390d9b8616812a79aea
- SHA1
  
  1a86d45a3190cfcff773fdb67fa5aca145f67c7c
- SHA256
  
  b8410c46b62f3f4fa0255c4fa37c4899f2fa7ee69883d35bd178e629e2db24db
- SHA512
  
  8256aba8b115dc58806e2f2148327123de1379a1b2dbed403cfc0badf8ee65ab9eee8e97022dd23c490df209f863ff17624b0b479bc19b7968a4e74eca6f9452
- SSDEEP
  
  6144:RRGAKmcqrclxtqQ9SUBHWTI3KNkOOXWNlbfA/ZoOJcTg5O33UVuK9Uk/knb/UBUq:9cpkQ9FWTLP/NtI/StTuOzKy1oSsH
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy