snakekeylogger | 6a4699ff2bfc857300f6f9aac87d92dd42850ba1a697ab9296b4ef38dd3d8bf2 | Triage

Sharing

General

Target

Ref_336210627.zip
Size

158KB
Sample

240926-mydc3awfqe
MD5

f64e2be5e3be8cdcc88982c48bd68daa
SHA1

adb48d68fc414f072ffad64e69b7aafbc18bba3d
SHA256

6a4699ff2bfc857300f6f9aac87d92dd42850ba1a697ab9296b4ef38dd3d8bf2
SHA512

5a4b44db8604677f4afa7407b0649bdc22a35dd2903a5e7ab0aedf97447240a5a59d09961251940f48f6e23d4198c17dd7cd5708c4b6f12cb8c388485d6792cd
SSDEEP

3072:mi0vXl32TSkPi3BLs6pDHJjCJ5c9T91KKjePgrqyjmAgOs7xF:miI2Wkqm6pDHJ0o1QomAUH

Score

10^/10

snakekeylogger discovery keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
bisttro.shop
Port:
587
Username:
[email protected]
Password:
W79cDo2h05Iv
Email To:
[email protected]

Targets

- Target
  
  Ref_336210627.exe
- Size
  
  179KB
- MD5
  
  bd22f0c99670c51675ebb91843db7181
- SHA1
  
  8d290ff02196024b6ae7a564172a29e73e00de7d
- SHA256
  
  8921e9e55861c043b028cee713316efd923aff62fca9abb2e7cc7eb3092063e3
- SHA512
  
  255968a80a157bd6e37bb780cf69849c2dc829830d1bc0ae011b70be5bef888b3a7d6590a384e3456dbeb43fdcedf7dc09f7c753806d87973ca154659afe7b91
- SSDEEP
  
  3072:EuV8gCfET/JXYoqbo81ZvFe3sf8Y1DXylHyoWmbdyFQgrqyYTXrDD62zU/s:EWIf4XYtz1ZvFe3sf1XylSioFgTjh9
Score

10^/10

discovery persistence snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

snakekeyloggerdiscoverykeyloggerpersistencestealer