snakekeylogger | 76997337c3512eb4b47cc476e22dc1d0cd861ae58e02cceadeabda61ff4fe2a8 | Triage

Sharing

General

Target

5a48f0bb8f074090d925bcb6c813ad70N.exe
Size

79KB
Sample

240907-flratswckk
MD5

5a48f0bb8f074090d925bcb6c813ad70
SHA1

976d1d14f50d42da98e46214b83c3097b4d1c3af
SHA256

76997337c3512eb4b47cc476e22dc1d0cd861ae58e02cceadeabda61ff4fe2a8
SHA512

6f95d8c4ddbc8ebcbc1f45904e4e132e71c9b045e8aa5ef4673229cc9888274e63bfe1482b7fb9db152497adafeca100a4e04694aa59a1b5efe0d0bb751b943f
SSDEEP

1536:z3NcR35tQ9VuUyvP6kGtREk+dONComoiJ//me:zNcztbHP6DtRWeCRom//B

Score

10^/10

snakekeylogger collection credential_access discovery keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
juguly.shop
Port:
587
Username:
[email protected]
Password:
d8GsruZs5Zg6
Email To:
[email protected]

Targets

- Target
  
  5a48f0bb8f074090d925bcb6c813ad70N.exe
- Size
  
  79KB
- MD5
  
  5a48f0bb8f074090d925bcb6c813ad70
- SHA1
  
  976d1d14f50d42da98e46214b83c3097b4d1c3af
- SHA256
  
  76997337c3512eb4b47cc476e22dc1d0cd861ae58e02cceadeabda61ff4fe2a8
- SHA512
  
  6f95d8c4ddbc8ebcbc1f45904e4e132e71c9b045e8aa5ef4673229cc9888274e63bfe1482b7fb9db152497adafeca100a4e04694aa59a1b5efe0d0bb751b943f
- SSDEEP
  
  1536:z3NcR35tQ9VuUyvP6kGtREk+dONComoiJ//me:zNcztbHP6DtRWeCRom//B
Score

10^/10

discovery persistence snakekeylogger collection credential_access keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerpersistencestealer