snakekeylogger | 1c6d98ce8a37adc665452a1ca4bfa1fd5b347de7654578503527e28e90275f64 | Triage

Submit
Reports

Overview

overview

Static

static

1

17116a0f43...7a.hta

windows7-x64

17116a0f43...7a.hta

windows10-2004-x64

Sharing

General

Target

17116a0f43508549998ef6618154d77a.hta
Size

115KB
Sample

240927-r47w3sxdmr
MD5

17116a0f43508549998ef6618154d77a
SHA1

e71af8b0489263e476521a5fd6e22e5511369c4d
SHA256

1c6d98ce8a37adc665452a1ca4bfa1fd5b347de7654578503527e28e90275f64
SHA512

a6824f19100e0fd4c996ab8db64875fb1c0c0e4d045792793b45ad1e93cb358c6746289209d8d1f4634c6ebed9ade9e43a5b3407856780e7e60954efc249e9d9
SSDEEP

96:Ea+M7wmf6PCZ60NUrnPmeobQk9B6/A6I6L1j+Z668AT:Ea+Qwmf6PCZ6kUTWfz6Y6dKZ6+T

Score

10^/10

snakekeylogger collection defense_evasion discovery execution keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

17116a0f43508549998ef6618154d77a.hta

Resource

win7-20240903-en

snakekeylogger collection defense_evasion discovery execution keylogger stealer

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

17116a0f43508549998ef6618154d77a.hta

Resource

win10v2004-20240802-en

snakekeylogger collection defense_evasion discovery execution keylogger stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.teilecar.com
Port:
587
Username:
[email protected]
Password:
Manta924porsche=911
Email To:
[email protected]

Targets

- Target
  
  17116a0f43508549998ef6618154d77a.hta
- Size
  
  115KB
- MD5
  
  17116a0f43508549998ef6618154d77a
- SHA1
  
  e71af8b0489263e476521a5fd6e22e5511369c4d
- SHA256
  
  1c6d98ce8a37adc665452a1ca4bfa1fd5b347de7654578503527e28e90275f64
- SHA512
  
  a6824f19100e0fd4c996ab8db64875fb1c0c0e4d045792793b45ad1e93cb358c6746289209d8d1f4634c6ebed9ade9e43a5b3407856780e7e60954efc249e9d9
- SSDEEP
  
  96:Ea+M7wmf6PCZ60NUrnPmeobQk9B6/A6I6L1j+Z668AT:Ea+Qwmf6PCZ6kUTWfz6Y6dKZ6+T
Score

10^/10

snakekeylogger collection defense_evasion discovery execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Evasion via Device Credential Deployment
  defense_evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondefense_evasiondiscoveryexecutionkeyloggerstealer

behavioral2

snakekeyloggercollectiondefense_evasiondiscoveryexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy