snakekeylogger | 365b8dab76c07e3c7ea3cd4a9d683265db5210b6b9a30e9dc520f358b829d30d | Triage

Sharing

General

Target

inquiry1523.exe
Size

82KB
Sample

240910-whhsaaxhnb
MD5

af2b325becf3f12462529b961699557a
SHA1

88da506a656c9ba9615e4134234084bd5c6c086f
SHA256

365b8dab76c07e3c7ea3cd4a9d683265db5210b6b9a30e9dc520f358b829d30d
SHA512

114e5bae2cf466ae6d7ace9728cac19e738dd5aa532df07b082d42fab22b7a2f286a606a6c476d4cbbea6c8f14804e300ca0e76d634e75ba22c0a8fecc6dad96
SSDEEP

768:v632KhVO49eYJBvmCcQw5cEpYinAMxEP:ymKP9JBvmnQG17HxE

Score

10^/10

snakekeylogger discovery keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
jertcot.shop
Port:
587
Username:
[email protected]
Password:
OxMHQMpgDVzU
Email To:
[email protected]

Targets

- Target
  
  inquiry1523.exe
- Size
  
  82KB
- MD5
  
  af2b325becf3f12462529b961699557a
- SHA1
  
  88da506a656c9ba9615e4134234084bd5c6c086f
- SHA256
  
  365b8dab76c07e3c7ea3cd4a9d683265db5210b6b9a30e9dc520f358b829d30d
- SHA512
  
  114e5bae2cf466ae6d7ace9728cac19e738dd5aa532df07b082d42fab22b7a2f286a606a6c476d4cbbea6c8f14804e300ca0e76d634e75ba22c0a8fecc6dad96
- SSDEEP
  
  768:v632KhVO49eYJBvmCcQw5cEpYinAMxEP:ymKP9JBvmnQG17HxE
Score

10^/10

discovery persistence snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

snakekeyloggerdiscoverykeyloggerpersistencestealer