snakekeylogger | 3fd9b94e35054c09e2e98340bf13b6dda8e116581f93e70e5569960476af6747

General

Target

31052024_1638_31052024_Shipment Details.zip
Size

299KB
Sample

240531-t5vz1sec2t
MD5

12eca945b1a53e928bd2fa5e193154aa
SHA1

e20e2faf59781db64e70e9e978eb40f5346ba228
SHA256

3fd9b94e35054c09e2e98340bf13b6dda8e116581f93e70e5569960476af6747
SHA512

99c9c40a067ab4f5e8f1e20abdccee03d1d3770ee8fcb456da2718ae502177711814f6a6303e151ff59814e48ed33d4323b8aac90341cd1cb24b8ac4fb830b9a
SSDEEP

6144:JHEQeWihHD05hC0j5kX6n7CSDdY8F8aaVhGcAzgCP:JHWWiZg5hDj5kK7tAhFoHP

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
26
Username:
[email protected]
Password:
iU0Ta!$K8L51

C2

http://103.130.147.85

Targets

- Target
  
  Shipment Details.exe
- Size
  
  487KB
- MD5
  
  872bbb237a362dcbb6ed49f2cf08ce00
- SHA1
  
  0dee059eca565849ede6ae714c6d54f38ab00eb6
- SHA256
  
  61455fae1e8e4d16ed8767aa93f1395472f7bb5834af3bd187e59b2f86b232b1
- SHA512
  
  400e2fd34fd78746d79c3aeef48bb55418249ca668ee9c75dcfa821553b1ef1208a5746cb3c8952634e5727c096d4b52bcffd02d2d53a7be56ed48888c6051fd
- SSDEEP
  
  12288:O2k7qtj0tLZ7ROdEUYBvk7ntTh2YKyCMHjeEG2E5LgU/EnclpEOMEw/EEEEGEhJY:CrvEG2E5LgU/EnclpEOMEw/EEEEGEhJY
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2