snakekeylogger | eb2872f8fda5c670a3eb885e34419bb937e7dc9c5cbde9c4536db942d88fd8bb

General

Target

MT Sea Gull 9 Particulars.exe
Size

491KB
Sample

240614-x8x6bsxaln
MD5

bfcf16b61252cc02fa2b336953c471cf
SHA1

736aacda3a3c45f81d8c569c4874e8ce012aae9e
SHA256

eb2872f8fda5c670a3eb885e34419bb937e7dc9c5cbde9c4536db942d88fd8bb
SHA512

bed1ee6d9956ce361ef6c9ce1e3b68f775ad926e1a5499b8b95763975e70577bda4ed9862e48c9f92a8c1b1eecd826ce3db860eed8fbb42e7b63a94dff8043cb
SSDEEP

6144:SrAtowVO25VCgRz0ooOqdM250wOSKeL4gL+4q00m89XhbbJCq9AbcJ8lKX:ttt659a4l0m89RnJbmbWX

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
26
Username:
[email protected]
Password:
fY,FLoadtsiF

C2

http://103.130.147.85

Targets

- Target
  
  MT Sea Gull 9 Particulars.exe
- Size
  
  491KB
- MD5
  
  bfcf16b61252cc02fa2b336953c471cf
- SHA1
  
  736aacda3a3c45f81d8c569c4874e8ce012aae9e
- SHA256
  
  eb2872f8fda5c670a3eb885e34419bb937e7dc9c5cbde9c4536db942d88fd8bb
- SHA512
  
  bed1ee6d9956ce361ef6c9ce1e3b68f775ad926e1a5499b8b95763975e70577bda4ed9862e48c9f92a8c1b1eecd826ce3db860eed8fbb42e7b63a94dff8043cb
- SSDEEP
  
  6144:SrAtowVO25VCgRz0ooOqdM250wOSKeL4gL+4q00m89XhbbJCq9AbcJ8lKX:ttt659a4l0m89RnJbmbWX
Score

10^/10

snakekeylogger keylogger stealer collection spyware
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2