snakekeylogger | ffccc74b2625161d73ba369bdd931438ff7d4de8ff092423541fce4b818c99b3 | Triage

Submit
Reports

Overview

overview

Static

static

3

7161d933e8...04.exe

windows7-x64

7161d933e8...04.exe

windows10-2004-x64

Sharing

General

Target

ffccc74b2625161d73ba369bdd931438ff7d4de8ff092423541fce4b818c99b3
Size

286KB
Sample

240417-rpy1madb6y
MD5

a134997a2d4d1e2caf0d6eae1ccbed9b
SHA1

e12577eff1215115a2914325f67b35be8c7b8911
SHA256

ffccc74b2625161d73ba369bdd931438ff7d4de8ff092423541fce4b818c99b3
SHA512

1bd71888d88112e5a859d60fc5752951f9b575eb292c19720ab87e22810b0b375be9dc4d89f111d6001c067919169bf9c0bbd9f3b7f87dac6591fbcf88d4935a
SSDEEP

6144:f+7EEONfYnebCip4d+qT5LJykQGwyrngnuYM3ZcYj0shAk2PtP6eDOgxfx:fpEONQeeeZqFLJ3QebVt3Z/jzakmtP62

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7161d933e8ce30fc8824cb3532294905ca0582760a306254ad03318619519c04.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

7161d933e8ce30fc8824cb3532294905ca0582760a306254ad03318619519c04.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  7161d933e8ce30fc8824cb3532294905ca0582760a306254ad03318619519c04.exe
- Size
  
  333KB
- MD5
  
  b9d77c2410b5808b0e703395bb2907b7
- SHA1
  
  32e61029b0c3c25c56d5862068a3410a30a7670f
- SHA256
  
  7161d933e8ce30fc8824cb3532294905ca0582760a306254ad03318619519c04
- SHA512
  
  c9c9110c22efd1c246f289396cc00c2e2cccef97e37914a73430fa08b7ea6e8b94b61c602ea82fde28e0e956894c01fbc44d9c105902684ac5b4b83bb3388614
- SSDEEP
  
  6144:mTyLMh4wMzywrWIq/2K7SBBMIARmCmwOE7bjVPJcfsduGAnx:LLMSewr9hBSRmp6BPJU7GAx
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy