snakekeylogger | bced54f899e912b36d1aadbcbfc8db5298f5abe9cbd512fd708d24d6beaaaf3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22082024_2331_22082024_Ödeme pdf.rar
Size

931KB
Sample

240822-3hv6yawbrm
MD5

e95f162358c55172c6eb267a16b74495
SHA1

1cc0ae766079cbf38e696a83433db82e2e0d04c0
SHA256

bced54f899e912b36d1aadbcbfc8db5298f5abe9cbd512fd708d24d6beaaaf3b
SHA512

470615f66d72d09527fa1ffb9ab94fe4d1c019a76e3ea268723e7f4ecc4b0b5fd0c1d5c2a91337f6418d746d21151ad3c82ee4641dacd6f8fbd8c41b361a9118
SSDEEP

24576:3I6qi9IPuFa/0ji/qQQh0Cz6jhhvFY/H08f:3I6qiOGKzlCz67va/H08f

Score

10^/10

snakekeylogger collection credential_access keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6756471452:AAFakRllbjLJTMrAk-k-S6sPu9kJWksUpz8/sendMessage?chat_id=6951521546

Targets

- Target
  
  Fimnrqups.exe
- Size
  
  979KB
- MD5
  
  adefd2d23569b3784c4402b53a2fb7cf
- SHA1
  
  143a93d0f34456fad073eb9d695a68711a82b04a
- SHA256
  
  9d72d55e1c3edbba6d369e9a137076748ed93dc24108f88c5a3cca51423a11b9
- SHA512
  
  509f7939fbc41985fd53e09802d8240d0792a18fcb9ffc6031b8a9e1c7fc789bb0bd80ab4f3b75333cb14db918ca7a1dd88022030891fa0ef1280e3c2ccfed7b
- SSDEEP
  
  24576:uJVnZXM4pZeB9m9vcx/7FLBEdrJqjgv6g3BfILXO:uVuyKgRcx/4rAsCgdILX
Score

10^/10

persistence snakekeylogger collection credential_access keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectioncredential_accesskeyloggerpersistencestealer