snakekeylogger | 4c3c535a153cf0d3c3e3545638b81d2c078fa7107424fa044d5e19e6f1c24db1 | Triage

Submit
Reports

Overview

overview

Static

static

3

Document3495869.exe

windows7-x64

Document3495869.exe

windows10-2004-x64

Sharing

General

Target

4c3c535a153cf0d3c3e3545638b81d2c078fa7107424fa044d5e19e6f1c24db1
Size

784KB
Sample

240928-xekcda1ark
MD5

066d0b717adff810f9e9c16fa882c580
SHA1

f68af42f931880f9d5629426d2e1a1c8b0c97d51
SHA256

4c3c535a153cf0d3c3e3545638b81d2c078fa7107424fa044d5e19e6f1c24db1
SHA512

e7b6b00b6c6a1bcd4012e05cecf1a90b39422e25ae9096aa0e5780c707b839b383f523b5ec5e6c2ccc2227832be90ec3994b38f872199043433bcadfb5052823
SSDEEP

24576:Y8r7+ZziBAD8fh4t2GWgWUsvt+JUBvIJXcIdKOC1XdcJv:Y8YeBAD8fE7WtbwUBMsMYhuJv

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Document3495869.exe

Resource

win7-20240903-en

snakekeylogger collection credential_access discovery keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Document3495869.exe

Resource

win10v2004-20240910-en

snakekeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.stilltech.ro
Port:
587
Username:
[email protected]
Password:
eurobit555ro
Email To:
[email protected]

Targets

- Target
  
  Document3495869.exe
- Size
  
  883KB
- MD5
  
  c08f05d7046fdfc1953be17188ffa954
- SHA1
  
  b51dfe807db55d2af141df0617dc6ff620cf40ef
- SHA256
  
  69fe492283320d5d9f00610d549c9a557093ca6e967416d522f0512cbe9dddae
- SHA512
  
  632fe23cef44153dd982af1421625e9586891bb9cf6bdd2baf4d0b1dec1d6358134cb0aca0a80e1274e9ac5408fe82ba342a5c2a11c8a13ae155a8d7cae19536
- SSDEEP
  
  24576:VqcCw4UZvybcv8vqHBTMS6q/eptXP5CLdHsxYP:4cC6d8EMSaP5CZ
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy