snakekeylogger | 6ea25f40af71831d25ee3ee4d4772826686dd77fcf1f90b23192bcba759f0e5d

General

Target

6ea25f40af71831d25ee3ee4d4772826686dd77fcf1f90b23192bcba759f0e5d.exe
Size

1.1MB
Sample

240904-p7g4qazgml
MD5

d83e73b450e3efedb4ac939dda36d6d9
SHA1

74d88f6a12495ddc6b9efdae197f1208ac623c2c
SHA256

6ea25f40af71831d25ee3ee4d4772826686dd77fcf1f90b23192bcba759f0e5d
SHA512

78619767cc25849de677307eba98da2a3352ea5c65baed6801d59ac3560d6917ecaf8dcf36dcea10de387ca29d861821570c5a58c1d83d87295219df8f1bbfe3
SSDEEP

24576:hAHnh+eWsN3skA4RV1Hom2KXMmHaGZiH+TcsvmOP6P5:4h+ZkldoPK8YaGAeT58

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7277207626:AAGRDtfhvqxeEEY9C2dcl-J2e8y-ub9ECYU/sendMessage?chat_id=7128988401

Targets

- Target
  
  6ea25f40af71831d25ee3ee4d4772826686dd77fcf1f90b23192bcba759f0e5d.exe
- Size
  
  1.1MB
- MD5
  
  d83e73b450e3efedb4ac939dda36d6d9
- SHA1
  
  74d88f6a12495ddc6b9efdae197f1208ac623c2c
- SHA256
  
  6ea25f40af71831d25ee3ee4d4772826686dd77fcf1f90b23192bcba759f0e5d
- SHA512
  
  78619767cc25849de677307eba98da2a3352ea5c65baed6801d59ac3560d6917ecaf8dcf36dcea10de387ca29d861821570c5a58c1d83d87295219df8f1bbfe3
- SSDEEP
  
  24576:hAHnh+eWsN3skA4RV1Hom2KXMmHaGZiH+TcsvmOP6P5:4h+ZkldoPK8YaGAeT58
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Drops startup file

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2