snakekeylogger | af10f3a48dbedc97b3823fae7eba5e9ff21f21ea9f588fc416884172c6da0b0a

General

Target

af10f3a48dbedc97b3823fae7eba5e9ff21f21ea9f588fc416884172c6da0b0a.exe
Size

927KB
Sample

240903-xs32msvhmd
MD5

c605ad2bb2c64d04dcc879d3e9aa1c25
SHA1

1a1bc61cbd97966b5048178bc4483734c7496553
SHA256

af10f3a48dbedc97b3823fae7eba5e9ff21f21ea9f588fc416884172c6da0b0a
SHA512

e0718dde11f7c850c5d93c692376c9de7ba70a941d2631997de18f963217d8cf02801317e1d8f6bc4f0cf67f0a37d69d572570ec06d968f653f62414e40ce413
SSDEEP

24576:hangoUEZ0mT+2RLsnemv/YOxpfkx3bGz0MyhH:0nVdbRAnXn4GzXyh

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
modernschoolgnoida.com
Port:
587
Username:
[email protected]
Password:
Modern@123
Email To:
[email protected]

Targets

- Target
  
  af10f3a48dbedc97b3823fae7eba5e9ff21f21ea9f588fc416884172c6da0b0a.exe
- Size
  
  927KB
- MD5
  
  c605ad2bb2c64d04dcc879d3e9aa1c25
- SHA1
  
  1a1bc61cbd97966b5048178bc4483734c7496553
- SHA256
  
  af10f3a48dbedc97b3823fae7eba5e9ff21f21ea9f588fc416884172c6da0b0a
- SHA512
  
  e0718dde11f7c850c5d93c692376c9de7ba70a941d2631997de18f963217d8cf02801317e1d8f6bc4f0cf67f0a37d69d572570ec06d968f653f62414e40ce413
- SSDEEP
  
  24576:hangoUEZ0mT+2RLsnemv/YOxpfkx3bGz0MyhH:0nVdbRAnXn4GzXyh
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Checks computer location settings

Deletes itself

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2