snakekeylogger | 685dc0878ffe7e57d27ca6ba6203c4f5e22d0b51f08789e1d9f21667a23be343

General

Target

SecuriteInfo.com.Trojan.PackedNET.2944.29161.19818.exe
Size

523KB
Sample

240710-ld6y7s1hra
MD5

b00f52c8fb7283fb0f891e655afff691
SHA1

9a01a0488e865144ce62a9a9449bb0944e902d43
SHA256

685dc0878ffe7e57d27ca6ba6203c4f5e22d0b51f08789e1d9f21667a23be343
SHA512

7499a56bf16e9e074ddf7da40f62d527b1fde2d45a1712c003e472173c68841e62f021c846f6b9cafd870bb539e61cc4f9ce222a20972ea3310968b051e921d8
SSDEEP

6144:O4hzJ7My65/rJdHHfrCT5ZmadW/olg/VMd/OAG5MvRUL8g60uqr2yf3WPf1FLXR7:O2Ydno5Zm8gtS/Obl60g7FFDuZPm

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7453718512:AAES5hRu31nvzPV9dNyxr5z9J1zQM8HdxXg/sendMessage?chat_id=7058518432

Targets

- Target
  
  SecuriteInfo.com.Trojan.PackedNET.2944.29161.19818.exe
- Size
  
  523KB
- MD5
  
  b00f52c8fb7283fb0f891e655afff691
- SHA1
  
  9a01a0488e865144ce62a9a9449bb0944e902d43
- SHA256
  
  685dc0878ffe7e57d27ca6ba6203c4f5e22d0b51f08789e1d9f21667a23be343
- SHA512
  
  7499a56bf16e9e074ddf7da40f62d527b1fde2d45a1712c003e472173c68841e62f021c846f6b9cafd870bb539e61cc4f9ce222a20972ea3310968b051e921d8
- SSDEEP
  
  6144:O4hzJ7My65/rJdHHfrCT5ZmadW/olg/VMd/OAG5MvRUL8g60uqr2yf3WPf1FLXR7:O2Ydno5Zm8gtS/Obl60g7FFDuZPm
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2