snakekeylogger | c63fd4f25b1d6ab7fc80895ffed1f495e11eb31cc50d909cb977330ca31ab579 | Triage

Sharing

General

Target

inquiry#80163.exe
Size

82KB
Sample

240909-s8rlbsydjf
MD5

4b91b8ed6ff289482b77a741afe00341
SHA1

37c2e4b4879e0c16e31272b1248bc281f36a1229
SHA256

c63fd4f25b1d6ab7fc80895ffed1f495e11eb31cc50d909cb977330ca31ab579
SHA512

b6a22c0a981a65a0ee736a7f45ec6f9bbf156e8c0ed78da63067b172a59303fdb6bea3a893d50a8264bc52e0c12c12109227a7f2ca485fc38239019a1ecaa463
SSDEEP

768:O4zOxVLVO49eYJBvmCcQw55EpYinAMxEP:hUf9JBvmnQ2C7HxE

Score

10^/10

snakekeylogger collection credential_access discovery keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
bisttro.shop
Port:
587
Username:
[email protected]
Password:
cpMCyuMGlfzP
Email To:
[email protected]

Targets

- Target
  
  inquiry#80163.exe
- Size
  
  82KB
- MD5
  
  4b91b8ed6ff289482b77a741afe00341
- SHA1
  
  37c2e4b4879e0c16e31272b1248bc281f36a1229
- SHA256
  
  c63fd4f25b1d6ab7fc80895ffed1f495e11eb31cc50d909cb977330ca31ab579
- SHA512
  
  b6a22c0a981a65a0ee736a7f45ec6f9bbf156e8c0ed78da63067b172a59303fdb6bea3a893d50a8264bc52e0c12c12109227a7f2ca485fc38239019a1ecaa463
- SSDEEP
  
  768:O4zOxVLVO49eYJBvmCcQw55EpYinAMxEP:hUf9JBvmnQ2C7HxE
Score

10^/10

discovery persistence snakekeylogger collection credential_access keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerpersistencestealer