snakekeylogger | c82d31e4336c62147f79668c6c033c5a669c53713f880cfba7aafd3a48f74a34 | Triage

Submit
Reports

Overview

overview

Static

static

3

5bed20739f...c1.exe

windows7-x64

5bed20739f...c1.exe

windows10-2004-x64

Sharing

General

Target

c82d31e4336c62147f79668c6c033c5a669c53713f880cfba7aafd3a48f74a34
Size

331KB
Sample

240417-rnewcsbf22
MD5

862c5afd19acec33756ead3f664e1633
SHA1

b2f8648dc40c52142b5c5a41a6ee3fa5ed6d27ab
SHA256

c82d31e4336c62147f79668c6c033c5a669c53713f880cfba7aafd3a48f74a34
SHA512

2ee12afcfe1b3cc7569112db75e02655f1f0b8f672198a02726918266aaf0e57946635e7c4409508172f261897271ce04ad04d753ab89beb34298574bc88fe7e
SSDEEP

6144:xm8qQYNCFrPoBIBu8ntsjNi0w3V6qgnN4X3DnV90ASIDquDhM:MNQVFrgB7Eta8F3V6qO4nhBJquhM

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5bed20739f13f9e82e3ea63a13440fc71a94fbd38ec7c23c72839f16ef2a16c1.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

5bed20739f13f9e82e3ea63a13440fc71a94fbd38ec7c23c72839f16ef2a16c1.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
25
Username:
county@valleycountysar.org
Password:
iU0Ta!$K8L51

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  5bed20739f13f9e82e3ea63a13440fc71a94fbd38ec7c23c72839f16ef2a16c1.exe
- Size
  
  410KB
- MD5
  
  00ad0301b4173f6d289b072bdb0d261f
- SHA1
  
  4eda33721659de787974694cceba304e65b3ac78
- SHA256
  
  5bed20739f13f9e82e3ea63a13440fc71a94fbd38ec7c23c72839f16ef2a16c1
- SHA512
  
  cc3ddcbd654e6c68a09a4985cba121f223739d1d44169cc079befc77b7a199e43f26216296575e9c555229f2ee96a913a4cac8bb1f649ad345c5f375802be4d0
- SSDEEP
  
  12288:XiXG+aKCj7IFFfaUtUC7K2uz3UeXz6AmeMOPVk2:+GHVj7wfaUtpuzXzAaPVk
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy