snakekeylogger | fb697916a6e8662f63ff4823de89e3c3b18e2d372358d75181df294742513d65

General

Target

151d81c0018e122e475be12b2a381fa9_JaffaCakes118
Size

873KB
Sample

240627-h3edps1clq
MD5

151d81c0018e122e475be12b2a381fa9
SHA1

6c65d010b65057068b7ce481c9dec7aa4df38eb9
SHA256

fb697916a6e8662f63ff4823de89e3c3b18e2d372358d75181df294742513d65
SHA512

a8e8b8a256abcdc5a0b9d5f9a6aaecdcccecd341e08f2eeaf5d2340be1cc08418bea5264416d7224713906ad0eec4fb58e66d0b47e97eaed24f2ae7d940bf0fa
SSDEEP

24576:5LWWE+eCS9Jlbb//Dcw8m8vIhg+f5nQULH:5LReCShHznN8Ahgg5QULH

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.sydneylaptops.com.au
Port:
587
Username:
[email protected]
Password:
Ijeomam288@

Targets

- Target
  
  Proforma Invoice.exe
- Size
  
  1.1MB
- MD5
  
  bc8974efe8eaf656b8a193b3de5e6cd7
- SHA1
  
  e9759e7a7babfa9b0b409cbe3b17a5a8c0263fa4
- SHA256
  
  743515ad392665594a63eb8ce2432e2234733685d4d6c275c3d076f8b52182bf
- SHA512
  
  510bec96208cc514b13bb6352e1321d5c74a8676b7931161121045c6463c33e4f7c3e6f25b30c9ce33ede8112fc37cda5995dab3cfe6c8b8c00daa6e8b9ca34f
- SSDEEP
  
  12288:eP3w+24oEsHFYV4dQKK7v4k00sIxHplqGh/xZdFB9h/JkIS//SDeiq0D5kFkFwn4:GRoEslXMhlRlh/xZ7B9hGIMSDetMJP
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2