snakekeylogger | fafaddbb1565d7ce0c43c349d7fe4858fffcdf1ef8d29f73b906d275209cf641 | Triage

Submit
Reports

Overview

overview

Static

static

3

8f44201b56...e9.exe

windows7-x64

8f44201b56...e9.exe

windows10-2004-x64

Sharing

General

Target

fafaddbb1565d7ce0c43c349d7fe4858fffcdf1ef8d29f73b906d275209cf641
Size

444KB
Sample

240417-saw36aee8s
MD5

e249ac1f7cd059785d965043b71fb539
SHA1

6443c7e8bc539a997ae27d031707af52c4211f0d
SHA256

fafaddbb1565d7ce0c43c349d7fe4858fffcdf1ef8d29f73b906d275209cf641
SHA512

556a67ad81d3ea8017f573e060ae5859f224456ad9366c4c6794b61d3cb15a6da969caa78753a5a41394de3e5cc08908f4b95877ac22b0be28ee7a03b2fc756f
SSDEEP

6144:WWH8/vsH4bU1emvbgboG8Qch8C5zPRsSXqnNXeKoKjwFklfO5MPtBJ7awX3NNd8S:BiVvMWsrRsS2NuYjmkl2qPNawX9D7

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8f44201b56398e30425dab3f99cda8c490e3b4ded5f8d545de18f779f1feb6e9.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f44201b56398e30425dab3f99cda8c490e3b4ded5f8d545de18f779f1feb6e9.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

http://varders.kozow.com:8081

http://aborters.duckdns.org:8081

http://anotherarmy.dns.army:8081

Targets

- Target
  
  8f44201b56398e30425dab3f99cda8c490e3b4ded5f8d545de18f779f1feb6e9.exe
- Size
  
  772KB
- MD5
  
  d064646721e6e070b61daecc9396bd63
- SHA1
  
  aa6194967f091d6ad78ee72b937dde20a89fcfb9
- SHA256
  
  8f44201b56398e30425dab3f99cda8c490e3b4ded5f8d545de18f779f1feb6e9
- SHA512
  
  b3eaedec7c2007a0fc5f1ce3d726a13bc9a69d6dbcd1f2db05a7db023917a02f533626a1c79648d613f014c17b358d70fb714b1939bd329d01113f0348bcbbd1
- SSDEEP
  
  12288:dJpHCmbibyjK567+fJzJjIOppNcTB+iIPsMI:ZCtyjK5QyJjIGpNcT+P
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy