snakekeylogger | 337f2438ac48410b788b27c4d5a3668b67f1a7d5c1eb3d1c614dfd1652b5a42d | Triage

Sharing

General

Target

Items IMG16092024.pdf.exe
Size

957KB
Sample

240924-q89qssxfkp
MD5

e24b9ef302a36051801a4d27e5563350
SHA1

f7ca82fcd4fc8d02f6135ee4da09e3d0277421f0
SHA256

337f2438ac48410b788b27c4d5a3668b67f1a7d5c1eb3d1c614dfd1652b5a42d
SHA512

5ebae13b999767baaa6ba52792b8da9e66c814911fe147a90b0e6b4b072533ca12f5447a40bb4832278c381e584223f4ad5dc5bdf8f3c656bf7e7451d7500ffe
SSDEEP

24576:jL7opqubED/7h4y9VATErHoJUG79VkxxKIR5e:rkFahvJrR290

Score

10^/10

snakekeylogger discovery keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7444558447:AAHNIAHnG1YJbhdGtivj0iiHR8ECCeZ9fo4/sendMessage?chat_id=6981201194

Targets

- Target
  
  Items IMG16092024.pdf.exe
- Size
  
  957KB
- MD5
  
  e24b9ef302a36051801a4d27e5563350
- SHA1
  
  f7ca82fcd4fc8d02f6135ee4da09e3d0277421f0
- SHA256
  
  337f2438ac48410b788b27c4d5a3668b67f1a7d5c1eb3d1c614dfd1652b5a42d
- SHA512
  
  5ebae13b999767baaa6ba52792b8da9e66c814911fe147a90b0e6b4b072533ca12f5447a40bb4832278c381e584223f4ad5dc5bdf8f3c656bf7e7451d7500ffe
- SSDEEP
  
  24576:jL7opqubED/7h4y9VATErHoJUG79VkxxKIR5e:rkFahvJrR290
Score

10^/10

discovery persistence snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

snakekeyloggerdiscoverykeyloggerpersistencestealer