snakekeylogger | 6c481a8149442be4fdae9158e9275ef3c3c918040b387ce5248050f88da87676

General

Target

QUOTATION_SEPQTRA071244úPDF.scr.exe
Size

497KB
Sample

240922-rcpanatajn
MD5

60fdae7957c24a52dcb84aa1802edbd4
SHA1

4f38d0c6f43e8d6efaa6d4355d563213b0cf6866
SHA256

6c481a8149442be4fdae9158e9275ef3c3c918040b387ce5248050f88da87676
SHA512

9367458d72ba32b3e0542c94afc0ea6f3cf5c5fcbb17f45cac917ea1f35225292de9185a8b5df60e6bb43047c4546c638489addc41db4f052094224b053057fc
SSDEEP

1536:CH8HxsM08Tcgc92csCGlTyzUuZ0SVPRiNaQnFYUHKa/GUkgGPYSLgVay+Zm1SMhf:PZGmtFfqgOYSLgf+ZmRvV5FPV

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
Zg^!Zy[?IKrs99@soltan

Targets

- Target
  
  QUOTATION_SEPQTRA071244úPDF.scr.exe
- Size
  
  497KB
- MD5
  
  60fdae7957c24a52dcb84aa1802edbd4
- SHA1
  
  4f38d0c6f43e8d6efaa6d4355d563213b0cf6866
- SHA256
  
  6c481a8149442be4fdae9158e9275ef3c3c918040b387ce5248050f88da87676
- SHA512
  
  9367458d72ba32b3e0542c94afc0ea6f3cf5c5fcbb17f45cac917ea1f35225292de9185a8b5df60e6bb43047c4546c638489addc41db4f052094224b053057fc
- SSDEEP
  
  1536:CH8HxsM08Tcgc92csCGlTyzUuZ0SVPRiNaQnFYUHKa/GUkgGPYSLgVay+Zm1SMhf:PZGmtFfqgOYSLgf+ZmRvV5FPV
Score

10^/10

snakekeylogger collection credential_access keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1

T1555

Credentials from Web Browsers

1

T1555.003

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Credentials from Password Stores: Credentials from Web Browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2