snakekeylogger | f4685f464984ed57ef222aca3a61002432696d6ec8df3b0c1b3bee424054965f | Triage

Submit
Reports

Overview

overview

Static

static

3

9a51ed2069...94.exe

windows7-x64

9a51ed2069...94.exe

windows10-2004-x64

Sharing

General

Target

f4685f464984ed57ef222aca3a61002432696d6ec8df3b0c1b3bee424054965f
Size

550KB
Sample

240417-sa3wpsdb49
MD5

f4f3f53c773b8a5820df813227936377
SHA1

e745fd7a92db2014e560c5975d4fb6a5b3bf4669
SHA256

f4685f464984ed57ef222aca3a61002432696d6ec8df3b0c1b3bee424054965f
SHA512

01d8e31af597d2acde04c5e3158b11acd2e320aa68cd4d2c93e34310e030c0db3fb9dd734af2fda3d602dcc321061bc3cac57caca2a545d1784ff507edca5c69
SSDEEP

12288:fKEhKvphaHKuRai0pwlqXrLzffJYVzgc6gg/W9BU:f/KeKuqq+rLzfRkp6k3U

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9a51ed2069f54c90bac392ebb1081aa64dee9c2705df9944bc43db671c87dd94.exe

Resource

win7-20240220-en

snakekeylogger keylogger stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

9a51ed2069f54c90bac392ebb1081aa64dee9c2705df9944bc43db671c87dd94.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.alualuminium.com.my
Port:
587
Username:
admin@alualuminium.com.my
Password:
U8G4S13#8Zk$
Email To:
ashref.majeed.ctl@gmail.com

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  9a51ed2069f54c90bac392ebb1081aa64dee9c2705df9944bc43db671c87dd94.exe
- Size
  
  735KB
- MD5
  
  4c386a3d7503f6c5e5bb18ea790839bf
- SHA1
  
  381687be4488cd4d9057e9f2ee908c4fd6cee57b
- SHA256
  
  9a51ed2069f54c90bac392ebb1081aa64dee9c2705df9944bc43db671c87dd94
- SHA512
  
  5cebdb1d62d5a44dbd30990d39a263853d0652f784218c39301c3f2f9963bd1941d88763cfa088ac90535e580aa013ec5faae83400cc2ee54a922390f5e85421
- SSDEEP
  
  12288:PAS8ufoWOkXnCLBittu4zY6zEsHLc/ZnBxti6t:DpOkgifuWzuCy
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy