snakekeylogger | b9de522fe604ad6c87cbaa01109b812e59f755e44dd134051d0f36df3929c6f7 | Triage

Submit
Reports

Overview

overview

Static

static

3

ea53a3ff38...51.exe

windows7-x64

ea53a3ff38...51.exe

windows10-2004-x64

Sharing

General

Target

b9de522fe604ad6c87cbaa01109b812e59f755e44dd134051d0f36df3929c6f7
Size

331KB
Sample

240417-rna76sbe92
MD5

e6dbdbf9050290ffc69e5b91f535281c
SHA1

6842612432f25096e5c098baf1c4ca7c22ccbf2b
SHA256

b9de522fe604ad6c87cbaa01109b812e59f755e44dd134051d0f36df3929c6f7
SHA512

ed3c9ec899f2e0a451f434a1d43cbf044a633d119b941d4a0659c4c2ce8a6cd361aef357ca6133aafb18a250f9ca94a549ad8378970e5555e6fa5f086c30af90
SSDEEP

6144:HQ53Ac+Ved8Z4Yw0d7I6wtV9LU7eD5ggq604vZWWx3r78Iwu7v:HQ5wc+VeWZ4Yst/UaJ0kxvBv

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ea53a3ff383cf9d83302a015521ec95083a4299838a7673a7c707922138b6d51.exe

Resource

win7-20240220-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea53a3ff383cf9d83302a015521ec95083a4299838a7673a7c707922138b6d51.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
25
Username:
county@valleycountysar.org
Password:
iU0Ta!$K8L51

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  ea53a3ff383cf9d83302a015521ec95083a4299838a7673a7c707922138b6d51.exe
- Size
  
  410KB
- MD5
  
  3aa4f27e5d5057cdfeb9f81fe6925ec8
- SHA1
  
  be5e0edb0dca42602021492ea21753a7a3b638d2
- SHA256
  
  ea53a3ff383cf9d83302a015521ec95083a4299838a7673a7c707922138b6d51
- SHA512
  
  8dbd7751405ffb1dfed9caa75f4412c03458d5ece10fe655de31083a207a256660818d9ff488c9bad88ddeb141c422c25a6d8b530bc47b9905157b758837d1cc
- SSDEEP
  
  6144:3tQkq7iHAOiXqRv+enKCjZ94XkYbjdfa7ib2C72BdkEKWGH7FHboEey/cZOsmz+u:viXG+aKCj7IFFfa7i6C7KGc46AmeMTP
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy