snakekeylogger | 23af3a08fab73e826fdc8746455eb25159f79141af16b6a0ed2ce64914ac0718 | Triage

Submit
Reports

Overview

overview

Static

static

3

9b59cf1e69...8e.exe

windows7-x64

9b59cf1e69...8e.exe

windows10-2004-x64

Sharing

General

Target

23af3a08fab73e826fdc8746455eb25159f79141af16b6a0ed2ce64914ac0718
Size

330KB
Sample

240417-rglqbsbb88
MD5

c390f7b833342090ef68a689c75e34d0
SHA1

3a2f2fd017cd9c85fd1eb13b6ccdd7a03414550c
SHA256

23af3a08fab73e826fdc8746455eb25159f79141af16b6a0ed2ce64914ac0718
SHA512

638b6d7ba4b4dcd06da49835f759716382062cc54f4c24fc460ab22a0f2a660891814594ff83d210398069bcf5ad112f4fddd1ca9fac0d6689da011721092470
SSDEEP

6144:kBbcqKjYxrd/OYEaf8PHuKdqR5VRRoBc3EDqA1KZsL6yohRBx:cbcbQrd//EpPHuK0R53Roi3iqA1KZNlN

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9b59cf1e6991964af85280afc3c850b3e42164e2ad12a460ed80695242be568e.exe

Resource

win7-20231129-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

9b59cf1e6991964af85280afc3c850b3e42164e2ad12a460ed80695242be568e.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
instalacionestasende.com
Port:
25
Username:
carlos@instalacionestasende.com
Password:
VzX79@6v
Email To:
county@valleycountysar.org

C2

https://scratchdreams.tk

Targets

- Target
  
  9b59cf1e6991964af85280afc3c850b3e42164e2ad12a460ed80695242be568e.exe
- Size
  
  464KB
- MD5
  
  33b3a84329888a084a88712bbf7243a0
- SHA1
  
  8f74801de3966b0fccd22164a53e92574cce26e7
- SHA256
  
  9b59cf1e6991964af85280afc3c850b3e42164e2ad12a460ed80695242be568e
- SHA512
  
  929e28985a7e9053fae9bb71b8e7e70599765d1111b1fe0ba5574862081f38c214ff125e8dec49ac2082891343f89a0f93af603c01d9f3a6b3f0a1326ccf6229
- SSDEEP
  
  6144:rvCIIwryDMr/hTYf3yPxAUy8HqN4DH3fA09878ktKMMsbiGx3XnUzG9ZfhRwm:rCXn4wGxJyLw3f587rMsln3f
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy