snakekeylogger | b485584452740d1ffe5ec982d293a5da05c3f0c7393ade6f8057afffd694f9f7 | Triage

Sharing

General

Target

b485584452740d1ffe5ec982d293a5da05c3f0c7393ade6f8057afffd694f9f7
Size

20KB
Sample

240909-r7rn9stemp
MD5

9f89640de988b31659dccdf26185ccb9
SHA1

ea882f492561848d9d7d27f4f07b2be8056d07c4
SHA256

b485584452740d1ffe5ec982d293a5da05c3f0c7393ade6f8057afffd694f9f7
SHA512

77fc3c37da8df43ba0795e6400da6c37f31ceac05df12022307d5afbdc48a6df0b4125bb2f1393c1bc400edb809b9ef27b39603cdd720c45bfb8294fcfdee11c
SSDEEP

384:Jfi0sby/lF4ENLh7AnukFwueXVBj7lnDdI/loyCIesMRhQ4UYQnhqg6Bnih8Xz:1Yy/lrNLh0u8eXVBjJnDdI/6LIyQ8Bnt

Score

10^/10

snakekeylogger collection credential_access discovery keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
bisttro.shop
Port:
587
Username:
[email protected]
Password:
cpMCyuMGlfzP
Email To:
[email protected]

Targets

- Target
  
  inquiry#80163.exe
- Size
  
  82KB
- MD5
  
  4b91b8ed6ff289482b77a741afe00341
- SHA1
  
  37c2e4b4879e0c16e31272b1248bc281f36a1229
- SHA256
  
  c63fd4f25b1d6ab7fc80895ffed1f495e11eb31cc50d909cb977330ca31ab579
- SHA512
  
  b6a22c0a981a65a0ee736a7f45ec6f9bbf156e8c0ed78da63067b172a59303fdb6bea3a893d50a8264bc52e0c12c12109227a7f2ca485fc38239019a1ecaa463
- SSDEEP
  
  768:O4zOxVLVO49eYJBvmCcQw55EpYinAMxEP:hUf9JBvmnQ2C7HxE
Score

10^/10

discovery persistence snakekeylogger collection credential_access keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerpersistencestealer