snakekeylogger | 4980799681a1951209d9c7208b62f7749243731c9917bb6de4be936d332dfa53 | Triage

Submit
Reports

Overview

overview

Static

static

3

Rfq H2110-...��.exe

windows10-1703-x64

Rfq H2110-...��.exe

windows10-2004-x64

Resubmissions

01-10-2024 02:04

241001-che7lszclc 10

01-10-2024 01:54

241001-cb16havfpq 8

Sharing

General

Target

Rfq H2110-11　Order_ROYPOWTECH %100% S51105P-E01 （最新）IMG .z
Size

513KB
Sample

241001-che7lszclc
MD5

14e52dbe7533dae4301d7d8253d19b7e
SHA1

ff4dbb76ddb9ace479c6317e5e904da3fe48aa99
SHA256

4980799681a1951209d9c7208b62f7749243731c9917bb6de4be936d332dfa53
SHA512

8dd73046ca37e972dadeebf349db3c0091e40580fe8ed1119e46c32f5dd85a4873e68339228b26192c8d07bf873de4ba767d66b256a7a152f41bbf96a216420d
SSDEEP

12288:0R51FEacYZ1OyAa2FE/zXL0E86YFRhxsJSpekffQ4O3KPJ9:0H/cSYQXgEFYF+JVwKy

Score

10^/10

snakekeylogger discovery execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Rfq H2110-11　Order_ROYPOWTECH %100% S51105P-E01 （最新）.exe

Resource

win10-20240404-ja

snakekeylogger discovery execution keylogger stealer

windows10-1703-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

Rfq H2110-11　Order_ROYPOWTECH %100% S51105P-E01 （最新）.exe

Resource

win10v2004-20240802-ja

snakekeylogger discovery execution keylogger stealer

windows10-2004-x64

16 signatures

300 seconds

Malware Config

Targets

- Target
  
  Rfq H2110-11　Order_ROYPOWTECH %100% S51105P-E01 （最新）.exe
- Size
  
  602KB
- MD5
  
  a168b11261c075963b1dfd139cbbfac6
- SHA1
  
  3248fcfe659305dba908ee7271da1a3c72f103c1
- SHA256
  
  32b59977aff73828e93c0844e7805de9c854049bb3b046399f1ce42e58679b85
- SHA512
  
  234e9aae8e8b8f959c1a1c21170619e09270eff0e8be8059a085c03adc354fcc7c1dadffd5c2dfa8644850bb8657fbfb3bee3b77cd8823ce00470517f41ec9fa
- SSDEEP
  
  12288:PWt7LZ0ohLCU8Ow2ZHdobZZrVFtuH+c3T:PWt7V0ohLCUVw2grke
Score

10^/10

snakekeylogger discovery execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoveryexecutionkeyloggerstealer

behavioral2

snakekeyloggerdiscoveryexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy