snakekeylogger | 85fef8292168c8195c7774c0f7f3389289407d467603d3d254b6e19e8742d62d

General

Target

85fef8292168c8195c7774c0f7f3389289407d467603d3d254b6e19e8742d62d
Size

613KB
Sample

240924-sar47szdjm
MD5

462e5d99311d277018b183d67c311e22
SHA1

97b1e5b903f333028cdeaedbf9ea06e769a2d247
SHA256

85fef8292168c8195c7774c0f7f3389289407d467603d3d254b6e19e8742d62d
SHA512

ed8933b570ff2a639c8c71d3d180d534f1a6eaf67bbc7a1f824fdb91c965c04ca4e49f7b9b2e27b76a1f1a626b01a39dd4e5b821eb8e3cfc29ec336d92c76bd2
SSDEEP

12288:bHWZ2ysM9RZ1/uXIp37s+KrbnmiqO8SJWDRDT3B5y5:b2ZIMzZ9uY58PnmQ8+WlDTxk5

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.al-subai.com
Port:
587
Username:
[email protected]
Password:
A_Sadek1962
Email To:
[email protected]

Targets

- Target
  
  RS Logistics Limited Soa.exe
- Size
  
  966KB
- MD5
  
  1aa5f8951116f513e5d7d50847237f22
- SHA1
  
  bf472c41730aa24bed7805792bba921473a74eeb
- SHA256
  
  1ec541aa412ef67aa6edd62c5a545141f828c163b0a585164f21d1184c96ffac
- SHA512
  
  4c0f35ef850ef192e01827ad1836f7811319a6f157c6f8189b0bf0f2e91ebf6cab3f41086cd447a4d9c17aa7ddb19862f7d173aba83d337f8297d58933fd4585
- SSDEEP
  
  12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aCTXP+NOWaM+U7W6s9gpGE:uRmJkcoQricOIQxiZY1iaCzP+0MAgx+m
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2