snakekeylogger | f53b6f8e91679e4eab7e2110784331f775af9c0956dccdc49a217157bc5b8880

General

Target

f53b6f8e91679e4eab7e2110784331f775af9c0956dccdc49a217157bc5b8880.exe
Size

432KB
Sample

240608-jarn1abb35
MD5

5b541c6a1f61ddeebe5c13b912e1574e
SHA1

65eb36a35270c65c2efc9da05e445a959da03935
SHA256

f53b6f8e91679e4eab7e2110784331f775af9c0956dccdc49a217157bc5b8880
SHA512

9ba071dc6b2a613005670203b605fdf0dcf6219219c2312f62bcc3e35186567d414a5f3a9657fe52df1ba5ff2c040a0eac68e87917d1b4b1d09d06effede0c82
SSDEEP

6144:HGGQjEEoXW8SzpzfC0e//0xn3dVQe4Sf1BBQwIb84mB9kXjhoa4cXDSJDRa4S2:mGQjEEMBSBfC0B3fQR7b1YDYQ7

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
26
Username:
[email protected]
Password:
fY,FLoadtsiF

C2

http://103.130.147.85

Targets

- Target
  
  f53b6f8e91679e4eab7e2110784331f775af9c0956dccdc49a217157bc5b8880.exe
- Size
  
  432KB
- MD5
  
  5b541c6a1f61ddeebe5c13b912e1574e
- SHA1
  
  65eb36a35270c65c2efc9da05e445a959da03935
- SHA256
  
  f53b6f8e91679e4eab7e2110784331f775af9c0956dccdc49a217157bc5b8880
- SHA512
  
  9ba071dc6b2a613005670203b605fdf0dcf6219219c2312f62bcc3e35186567d414a5f3a9657fe52df1ba5ff2c040a0eac68e87917d1b4b1d09d06effede0c82
- SSDEEP
  
  6144:HGGQjEEoXW8SzpzfC0e//0xn3dVQe4Sf1BBQwIb84mB9kXjhoa4cXDSJDRa4S2:mGQjEEMBSBfC0B3fQR7b1YDYQ7
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2