snakekeylogger | eb7b6182f2f6ccd5b150c810e5eaf94b7e22a638e6968e566d96f8f5f1ed85b1

General

Target

Wire_01987012.exe
Size

964KB
Sample

240924-hx8qcsverk
MD5

ddf895aac213b394e4bf8be023f68dcd
SHA1

826ce15cfa6857adf191540b2b843fa97aa4cce0
SHA256

eb7b6182f2f6ccd5b150c810e5eaf94b7e22a638e6968e566d96f8f5f1ed85b1
SHA512

399bb4ecd0e3aee265eca048ee3a530edfb48948d46e6e5d11f9b93696d79e36d72d44d72c9d526b8d552af66cfe98dd48291b047ee0bfc1136f7c0113027889
SSDEEP

12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aCPE8hz/isTvzvrwCuhlA0:uRmJkcoQricOIQxiZY1iaCTLbvkRH+Na

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
pakcentar.ba
Port:
587
Username:
[email protected]
Password:
Almir.KardasPC!18_
Email To:
[email protected]

Targets

- Target
  
  Wire_01987012.exe
- Size
  
  964KB
- MD5
  
  ddf895aac213b394e4bf8be023f68dcd
- SHA1
  
  826ce15cfa6857adf191540b2b843fa97aa4cce0
- SHA256
  
  eb7b6182f2f6ccd5b150c810e5eaf94b7e22a638e6968e566d96f8f5f1ed85b1
- SHA512
  
  399bb4ecd0e3aee265eca048ee3a530edfb48948d46e6e5d11f9b93696d79e36d72d44d72c9d526b8d552af66cfe98dd48291b047ee0bfc1136f7c0113027889
- SSDEEP
  
  12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aCPE8hz/isTvzvrwCuhlA0:uRmJkcoQricOIQxiZY1iaCTLbvkRH+Na
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2