snakekeylogger | 59d9a6e2d9786af6afb42c64531e72da9cbc39649197b912595fed68984dd9f4

General

Target

2409202411292209202457mLPGSEMITRAILER7NOS.pdf.z
Size

24KB
Sample

240924-wdgpeszcjb
MD5

d46d25d36e41c0b331c6b6196be2c0bc
SHA1

41d27eb7639a3171620693b847522989a19c269c
SHA256

59d9a6e2d9786af6afb42c64531e72da9cbc39649197b912595fed68984dd9f4
SHA512

85171339c554ecdafa40ed6247d26f30318945187503e10bae02abfe7cf43c51f02d5941dabea507b8dffa58a2dc5eb83214e600d86759069b125183d29adf11
SSDEEP

384:0M3qO8YWkRYsmAWcjJapLWcrrvzPTj5ckC/MV1COZtcZ/+JmIhWbdV9Qi:R8YWkGnAWKJUvvqre1COgdIwbd7Qi

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5945022662:AAH3tNDq2H4t2_2yAxq__TOQa3RMNliwRjM/sendMessage?chat_id=6147569474

Targets

- Target
  
  57m³ LPG SEMI TRAILER 7 NOS.pdf.scr
- Size
  
  63KB
- MD5
  
  b755608af2719c7cd9e08ac41070c035
- SHA1
  
  d90f3e04bef06f847e20f9dfb39d1737f02d60b4
- SHA256
  
  bf1e3e4517d5b2e313a213072fe6622ecd2bf95acdb608dbff3742da6ae4ee5f
- SHA512
  
  01d22a1fc05e1595111dd7babd344d648f115256d23e9878c2cbba21f29c78ef1d269828d37119b4af9286731e10a5c56abce7e37d4c51f3e212a75034fdd93d
- SSDEEP
  
  1536:3TdilcWu40P80DEAhquJaiqcGRrZcE6b:JilG40ZQeqkaiqc1E6b
Score

10^/10

discovery snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2