snakekeylogger | 5efd6cde8394ec8c874ab0321cfafa605499f972d7c320fd02dad95276e0668d | Triage

Sharing

General

Target

26092024_0021_25092024_Ref_0160_0782.7z
Size

95KB
Sample

240926-anszjsygpg
MD5

e8944990e1fb006e293a4b59e40f67d0
SHA1

58110730422ddf85426cfaf3380d59daf2b69cf2
SHA256

5efd6cde8394ec8c874ab0321cfafa605499f972d7c320fd02dad95276e0668d
SHA512

e0ae03a2dc07c306c960f6a035a42618d96c2faf2b6ce6d0d0f175ff66de340d750a7b46304ffb6d0fb5571920231e804c1231056632c9d92fdf510caed07f4c
SSDEEP

1536:jqtN7INSNGIACmX3jMYiRKkTFKpWzjyyMYhHNQTqasKuwAPDNn8nZfsEZ365jQlZ:S7khfXjHpkTYonyShtQ2nKzun6x8bCj

Score

10^/10

snakekeylogger discovery keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
bisttro.shop
Port:
587
Username:
[email protected]
Password:
W79cDo2h05Iv
Email To:
[email protected]

Targets

- Target
  
  Ref_0160_0782.exe
- Size
  
  102KB
- MD5
  
  ea6421e2c475a88353aff4aef00dfd3a
- SHA1
  
  055bcef3e98729d5515ba1e34d30977b28fcba58
- SHA256
  
  cc353b50dbbf45b7c931885450e2a1033135b0b59daf5720b5a98f2941a5038e
- SHA512
  
  f515e5a587951840dd1f76003804f4edc4f0379d370c9e372e21d811bdc07e935ea593cf5e046f1d6c70d78a409fc5b4a5832dc84ad9fa90c84af35138770c91
- SSDEEP
  
  3072:Q8ISVIPM8mI8yrQeT9YFDaNUTTYR0iyW88Sv7KU/s:Q8lVIPM8R8yXT9saNOTYR588Se9
Score

10^/10

discovery persistence snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

snakekeyloggerdiscoverykeyloggerpersistencestealer