snakekeylogger | 8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7

Analysis

max time kernel
135s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-09-2024 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe
Size

949KB
MD5

d5b3d11c19dcb6e3125415c0dedfe2b6
SHA1

f4c8309c80c85b8d1316fb88a90102d81c3474fd
SHA256

8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7
SHA512

d1e9e87e82a29c4d24bc2ea25740032b93af7ee048309c9ed2e249578dca8b7558fe561fb25ec22eeceea62fb2b05607fad6c5eff724657612f12dc109f3f107
SSDEEP

12288:CDN+hU6YasBZbnT9pf0K+Dg0I6d3oxs0P3hCYbVVUhyeb5zXre:CfBZbnJFx+Dp2FUjVz6

Score

10^/10

snakekeylogger keylogger stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
granjaarmengol.com
Port:
587
Username:
[email protected]
Password:
28112811Ab
Email To:
[email protected]

Signatures

Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
stealer keylogger snakekeylogger

Snake Keylogger payload 1 IoCs

resource	yara_rule
behavioral2/memory/5096-290-0x0000000040000000-0x0000000040024000-memory.dmp	family_snakekeylogger

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
49	checkip.dyndns.org

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4524 set thread context of 5096	4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe	93

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe	InstallUtil.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe
4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe
4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe
5096	InstallUtil.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe
Token: SeDebugPrivilege	5096	InstallUtil.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 5096	4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe	93
PID 4524 wrote to memory of 5096	4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe	93
PID 4524 wrote to memory of 5096	4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe	93
PID 4524 wrote to memory of 5096	4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe	93
PID 4524 wrote to memory of 5096	4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe	93
PID 4524 wrote to memory of 5096	4524	8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe	93

C:\Users\Admin\AppData\Local\Temp\8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe
"C:\Users\Admin\AppData\Local\Temp\8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4524-0-0x00000000024F3000-0x00000000024F5000-memory.dmp

Filesize
8KB

Download
memory/4524-1-0x00000000002E0000-0x00000000003D2000-memory.dmp

Filesize
968KB

Download
memory/4524-2-0x0000000022A50000-0x0000000022AEE000-memory.dmp

Filesize
632KB

Download
memory/4524-3-0x00000000024F0000-0x0000000002FB1000-memory.dmp

Filesize
10.8MB

Download
memory/4524-4-0x00000000024F3000-0x00000000024F5000-memory.dmp

Filesize
8KB

Download
memory/4524-5-0x0000000001170000-0x00000000011D5000-memory.dmp

Filesize
404KB

Download
memory/4524-6-0x00000000011E0000-0x000000000129E000-memory.dmp

Filesize
760KB

Download
memory/4524-8-0x0000000001640000-0x00000000016D0000-memory.dmp

Filesize
576KB

Download
memory/4524-10-0x0000000001840000-0x00000000018DE000-memory.dmp

Filesize
632KB

Download
memory/4524-9-0x00000000016D0000-0x000000000177C000-memory.dmp

Filesize
688KB

Download
memory/4524-7-0x00000000012A0000-0x0000000001569000-memory.dmp

Filesize
2.8MB

Download
memory/4524-11-0x0000000001D80000-0x0000000001E1B000-memory.dmp

Filesize
620KB

Download
memory/4524-16-0x00000000009C0000-0x00000000009CA000-memory.dmp

Filesize
40KB

Download
memory/4524-17-0x00000000024F0000-0x0000000002FB1000-memory.dmp

Filesize
10.8MB

Download
memory/4524-19-0x0000000002480000-0x0000000002496000-memory.dmp

Filesize
88KB

Download
memory/4524-23-0x0000000003260000-0x000000000336B000-memory.dmp

Filesize
1.0MB

Download
memory/4524-26-0x0000000003710000-0x0000000003740000-memory.dmp

Filesize
192KB

Download
memory/4524-27-0x000000001F510000-0x000000001F63A000-memory.dmp

Filesize
1.2MB

Download
memory/4524-31-0x000000001FC30000-0x000000001FD7E000-memory.dmp

Filesize
1.3MB

Download
memory/4524-37-0x0000000022A30000-0x0000000022A49000-memory.dmp

Filesize
100KB

Download
memory/4524-36-0x0000000022A00000-0x0000000022A2C000-memory.dmp

Filesize
176KB

Download
memory/4524-38-0x0000000022B00000-0x000000002323F000-memory.dmp

Filesize
7.2MB

Download
memory/4524-42-0x00000000244A0000-0x0000000024550000-memory.dmp

Filesize
704KB

Download
memory/4524-47-0x0000000025260000-0x0000000025268000-memory.dmp

Filesize
32KB

Download
memory/4524-49-0x0000000026330000-0x00000000263D9000-memory.dmp

Filesize
676KB

Download
memory/4524-44-0x0000000024C80000-0x0000000024F03000-memory.dmp

Filesize
2.5MB

Download
memory/4524-46-0x0000000025130000-0x00000000251FD000-memory.dmp

Filesize
820KB

Download
memory/4524-45-0x0000000025010000-0x0000000025125000-memory.dmp

Filesize
1.1MB

Download
memory/4524-43-0x00000000246B0000-0x0000000024859000-memory.dmp

Filesize
1.7MB

Download
memory/4524-48-0x0000000025F70000-0x0000000026124000-memory.dmp

Filesize
1.7MB

Download
memory/4524-41-0x0000000024480000-0x000000002449F000-memory.dmp

Filesize
124KB

Download
memory/4524-39-0x0000000023240000-0x00000000239D0000-memory.dmp

Filesize
7.6MB

Download
memory/4524-40-0x00000000239D0000-0x0000000023A7D000-memory.dmp

Filesize
692KB

Download
memory/4524-35-0x0000000022960000-0x000000002296C000-memory.dmp

Filesize
48KB

Download
memory/4524-34-0x000000001FBF0000-0x000000001FC17000-memory.dmp

Filesize
156KB

Download
memory/4524-33-0x000000001FBB0000-0x000000001FBE4000-memory.dmp

Filesize
208KB

Download
memory/4524-32-0x000000001FAE0000-0x000000001FAF8000-memory.dmp

Filesize
96KB

Download
memory/4524-30-0x000000001F9A0000-0x000000001FA3E000-memory.dmp

Filesize
632KB

Download
memory/4524-29-0x0000000004FA0000-0x0000000005023000-memory.dmp

Filesize
524KB

Download
memory/4524-28-0x000000001F640000-0x000000001F995000-memory.dmp

Filesize
3.3MB

Download
memory/4524-25-0x0000000003410000-0x0000000003510000-memory.dmp

Filesize
1024KB

Download
memory/4524-24-0x0000000003370000-0x000000000340D000-memory.dmp

Filesize
628KB

Download
memory/4524-22-0x0000000003230000-0x000000000325B000-memory.dmp

Filesize
172KB

Download
memory/4524-21-0x00000000024A0000-0x00000000024C2000-memory.dmp

Filesize
136KB

Download
memory/4524-20-0x0000000003170000-0x000000000322D000-memory.dmp

Filesize
756KB

Download
memory/4524-18-0x0000000002FC0000-0x0000000003161000-memory.dmp

Filesize
1.6MB

Download
memory/4524-15-0x0000000001050000-0x0000000001062000-memory.dmp

Filesize
72KB

Download
memory/4524-14-0x0000000001CE0000-0x0000000001D35000-memory.dmp

Filesize
340KB

Download
memory/4524-13-0x0000000002350000-0x00000000023FA000-memory.dmp

Filesize
680KB

Download
memory/4524-12-0x0000000001E20000-0x0000000001F4A000-memory.dmp

Filesize
1.2MB

Download
memory/4524-140-0x0000000027480000-0x000000002749A000-memory.dmp

Filesize
104KB

Download
memory/4524-141-0x00000000278A0000-0x00000000278A6000-memory.dmp

Filesize
24KB

Download
memory/4524-324-0x00000000024F0000-0x0000000002FB1000-memory.dmp

Filesize
10.8MB

Download
memory/5096-290-0x0000000040000000-0x0000000040024000-memory.dmp

Filesize
144KB

Download