snakekeylogger | 9745e0d21f50b1c553b40e8c353b11bb172a2bae1a83b3b9cfce26f9e01b3b89 | Triage

Submit
Reports

Overview

overview

Static

static

3

Halkbank_E...55.exe

windows7-x64

Halkbank_E...55.exe

windows10-2004-x64

Sharing

General

Target

Halkbank_Ekstre_20230426_075819_154055.exe
Size

856KB
Sample

240502-lw7nfsed4v
MD5

42199f4a8e3d9fe6ce26a7d4922afec7
SHA1

4e7547a14798f7c4520fab21ea2e34989bf27bc7
SHA256

9745e0d21f50b1c553b40e8c353b11bb172a2bae1a83b3b9cfce26f9e01b3b89
SHA512

3d4e92428c11f2c5df88550abae2ff0dc9dc74629b0d6943836445d594cfc2d856bd08e7c9ee51507bfd9d1a9909f97d1c21e1804637f4bacdc7bfe8d05491d2
SSDEEP

12288:xUE2iNdlONhj8Z/SMfIi6D0zgghZPebvoI9P2WcyHdSFYQ:V1PlONV8ZrfdKcovoWuWb95

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Halkbank_Ekstre_20230426_075819_154055.exe

Resource

win7-20240221-en

snakekeylogger collection keylogger spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Halkbank_Ekstre_20230426_075819_154055.exe

Resource

win10v2004-20240419-en

snakekeylogger collection keylogger spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.eraslangroup.net
Port:
587
Username:
info@eraslangroup.net
Password:
aHZAyjDK
Email To:
boxdraft80@gmail.com

C2

https://scratchdreams.tk

Targets

- Target
  
  Halkbank_Ekstre_20230426_075819_154055.exe
- Size
  
  856KB
- MD5
  
  42199f4a8e3d9fe6ce26a7d4922afec7
- SHA1
  
  4e7547a14798f7c4520fab21ea2e34989bf27bc7
- SHA256
  
  9745e0d21f50b1c553b40e8c353b11bb172a2bae1a83b3b9cfce26f9e01b3b89
- SHA512
  
  3d4e92428c11f2c5df88550abae2ff0dc9dc74629b0d6943836445d594cfc2d856bd08e7c9ee51507bfd9d1a9909f97d1c21e1804637f4bacdc7bfe8d05491d2
- SSDEEP
  
  12288:xUE2iNdlONhj8Z/SMfIi6D0zgghZPebvoI9P2WcyHdSFYQ:V1PlONV8ZrfdKcovoWuWb95
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerspywarestealer

behavioral2

snakekeyloggercollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy