snakekeylogger | 4a125495481e23cee9745a6b26d23f8856648b6838356f5d451f37c7436518e4

General

Target

25092024_0649_24092024_Wire_01987012.7z
Size

611KB
Sample

240925-hlh1katfme
MD5

efb831178efa6fcb9b60d0294bff2761
SHA1

4b1a264b5eaca08c0d5cf6cc6f60e7707b66fa04
SHA256

4a125495481e23cee9745a6b26d23f8856648b6838356f5d451f37c7436518e4
SHA512

3e09ea44ccd2460d6e88152113cfb103163656e5396abc20d02cfb12192fed9b247f1ccf028c832cf317d6950cc8338621f795dd2132bb3f27a32578749f8af8
SSDEEP

12288:v+6Us22R24Q4HNJiCyDliYMu7H/R5ItDubZE6whrvq+nn6JkMSHK7/1:vSR0W4tJiC4YQ7558DiZE/FBn6JXT/1

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
pakcentar.ba
Port:
587
Username:
[email protected]
Password:
Almir.KardasPC!18_
Email To:
[email protected]

Targets

- Target
  
  Wire_01987012.exe
- Size
  
  964KB
- MD5
  
  ddf895aac213b394e4bf8be023f68dcd
- SHA1
  
  826ce15cfa6857adf191540b2b843fa97aa4cce0
- SHA256
  
  eb7b6182f2f6ccd5b150c810e5eaf94b7e22a638e6968e566d96f8f5f1ed85b1
- SHA512
  
  399bb4ecd0e3aee265eca048ee3a530edfb48948d46e6e5d11f9b93696d79e36d72d44d72c9d526b8d552af66cfe98dd48291b047ee0bfc1136f7c0113027889
- SSDEEP
  
  12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aCPE8hz/isTvzvrwCuhlA0:uRmJkcoQricOIQxiZY1iaCTLbvkRH+Na
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2