snakekeylogger | 4d2c175357d337378f1747f46ab05097fde724a0ce4256843dd93e97d1a23e1d | Triage

Submit
Reports

Overview

overview

Static

static

3

b5fe6421c3...df.exe

windows7-x64

b5fe6421c3...df.exe

windows10-2004-x64

Sharing

General

Target

4d2c175357d337378f1747f46ab05097fde724a0ce4256843dd93e97d1a23e1d
Size

367KB
Sample

240417-rnm7qsbf32
MD5

7b3547eefe811fa26090ef2a61571883
SHA1

b3984d53547dd911df834b3ef332dad8dc2301a4
SHA256

4d2c175357d337378f1747f46ab05097fde724a0ce4256843dd93e97d1a23e1d
SHA512

5b6906040562fbb77e7b66d7fd87cdd80ec510d1f27c6c7852044233b7afe3ee97014352685e93220daf55755fa5eef08bcc573eb999569912d0ba11ddb31b28
SSDEEP

6144:ZEMdR6pqpdrvGLaDW8koXgA/RXXb++AME0ZqQozGUmVDdPL7WiptSFcyGL3lpSJG:DdRoseLaDW8koLxXbb5qTzGUkdPHWiKc

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b5fe6421c3088686eace4973a13c181cfdeb91580f83dfc49377eba12bd294df.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5fe6421c3088686eace4973a13c181cfdeb91580f83dfc49377eba12bd294df.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
25
Username:
county@valleycountysar.org
Password:
iU0Ta!$K8L51

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  b5fe6421c3088686eace4973a13c181cfdeb91580f83dfc49377eba12bd294df.exe
- Size
  
  482KB
- MD5
  
  4090918323184c64f0e1ff3acbe036d6
- SHA1
  
  d9fafdb2e4b4b7a85dc4cefe795fff1ffd196fd6
- SHA256
  
  b5fe6421c3088686eace4973a13c181cfdeb91580f83dfc49377eba12bd294df
- SHA512
  
  f1a48b407188e6db072a9bc95255af6dea7508b659e7fc58403631e28ddff6b3cb2a786ec03c79de458282cc64369682c4ec32fa1cf1af185fa18d4e57349e08
- SSDEEP
  
  12288:UYxyoFIqFb9s0SooS+/LF7NVSYxmrxjOyz:UGiAs0SYYLFJVSsyxCyz
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy