snakekeylogger | 9df74849e53144b98ac5cf84faef5b6fdc00b8add891e996ef1443d027e839d6

General

Target

24092024_1037_22092024_Quote RF-E68-STD-094.pdf.arj
Size

25KB
Sample

240924-mnyags1flq
MD5

6e850c28d844e17d4b3768ce8a937d66
SHA1

fa23246dff31fe6468b2bde723d3638f5c59e5e3
SHA256

9df74849e53144b98ac5cf84faef5b6fdc00b8add891e996ef1443d027e839d6
SHA512

ce4f8ee75e9424e06c17d319f326f74cdea4bacce64f2cabd6d5e9b1b3e8d8779c2c4715a0296dbed2f02617c5db9b42eab541b675d3a98ea527c5a0edd45afa
SSDEEP

768:3rEWV3ZT+lvNCQ+bvgVzoiPxsKJK3fM3n3zZ5:3rEW1ZalFCJbvgr4vC315

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7541020039:AAGsq8h1YFdFZMkWR4YvtTV1a-gYO_XOaR4/sendMessage?chat_id=5593200404

Targets

- Target
  
  Quote RF-E68-STD-094.pdf.scr
- Size
  
  63KB
- MD5
  
  3e40d63b33b3b8b4fca874063dfde5ad
- SHA1
  
  47fb479bf0ae34e3a08a2f93666136fbfb96c3a7
- SHA256
  
  2c2278d30f145b813ad9eafe8fcc77ed6cb35679b136221974f708e943a2afaf
- SHA512
  
  0bd2efe7a91f0b929273769908979b6dfc62a24489f4618252af1aaac177b4b45eaf0bbf0a10c1a8b97f5a362f3a91df70da0318466f7512e8155eb9e76d7170
- SSDEEP
  
  1536:WKUfn1ZeSPcCKP8DOEAV2xzzmmhjiLf88Ju5ZE62:NUP1ZRcCKubbemhjib85E62
Score

10^/10

discovery snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2