snakekeylogger | 69b96339e1bfc4e64ff7b8c5af0a3f43055b149cdbac3d814db982e25b2a4357 | Triage

Submit
Reports

Overview

overview

Static

static

3

bb76efebcd...f0.exe

windows7-x64

bb76efebcd...f0.exe

windows10-2004-x64

Sharing

General

Target

69b96339e1bfc4e64ff7b8c5af0a3f43055b149cdbac3d814db982e25b2a4357
Size

401KB
Sample

240417-rqw8esdc3v
MD5

8543f55541c729f1c7a2fb8f03399b09
SHA1

ac3e31d0df091f630e9d9bcd0886dfff86b904fb
SHA256

69b96339e1bfc4e64ff7b8c5af0a3f43055b149cdbac3d814db982e25b2a4357
SHA512

959eff7d777493bc758956fccb7ce090987617c4cd9cc08780154f4d13e3eec735cebc5a2196c82d01c8cf24a02148268103d9bcb78073d267f9d17b4c31deef
SSDEEP

12288:zdnXOow9OfilvngXKQM8emlW7VXbUvqGD9KJtr7r3u:pOawIX7atbyKJtr7r+

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bb76efebcd4a82f8a51e25e2bb4bd63625db2e6f03d07452d1cfa060918c62f0.exe

Resource

win7-20240319-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb76efebcd4a82f8a51e25e2bb4bd63625db2e6f03d07452d1cfa060918c62f0.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  bb76efebcd4a82f8a51e25e2bb4bd63625db2e6f03d07452d1cfa060918c62f0.exe
- Size
  
  651KB
- MD5
  
  bd1e1c32c0d45c1a6c0c70a8b83740e2
- SHA1
  
  9a33ffe797f9318289b10e41d4ed10d966cfd578
- SHA256
  
  bb76efebcd4a82f8a51e25e2bb4bd63625db2e6f03d07452d1cfa060918c62f0
- SHA512
  
  534cc7c29dd7a15d6b8e29ba15c3a44baeb315f7826da19877d12052418899d9093403f2bd5800594d885e30ab7790fc1faea254d79fd42ed7f88beafed3947f
- SSDEEP
  
  12288:Ue69UNW+A0BroXA2u9pAxzJxj2hCGXbmBoznolq5Ic:Uer5rcu9gNxjMvrmBoznoMu
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy