snakekeylogger | dcec737bd7054fd760bb193c4d59d99032b944f6f18efdec6a848ebd85873a70 | Triage

Submit
Reports

Overview

overview

Static

static

3

dcec737bd7...0N.exe

windows7-x64

dcec737bd7...0N.exe

windows10-2004-x64

Sharing

General

Target

dcec737bd7054fd760bb193c4d59d99032b944f6f18efdec6a848ebd85873a70N
Size

808KB
Sample

241002-q6pmvatarh
MD5

b6a154427f75f2e0edc5da88b31f40d0
SHA1

df1ed239ce77f7ec87525967b225b5345a7f1b93
SHA256

dcec737bd7054fd760bb193c4d59d99032b944f6f18efdec6a848ebd85873a70
SHA512

bddf783c46d1d94c4bfe41c70932603fc6a584cdc414580d50728dfc7aff51b7b59bf1bb94d7ce5806aa088cc1983b4109088bfe4f7d85e3122997a010f53963
SSDEEP

12288:uQTf/hqcDnBPzmfJctxJFjbCtUySTmaEzHQv:TQ8mfmbJN8oFMQv

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dcec737bd7054fd760bb193c4d59d99032b944f6f18efdec6a848ebd85873a70N.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

dcec737bd7054fd760bb193c4d59d99032b944f6f18efdec6a848ebd85873a70N.exe

Resource

win10v2004-20240802-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.emmioglu.com
Port:
587
Username:
[email protected]
Password:
Kaya2758+

C2

https://api.telegram.org/bot7793181644:AAGZi9EwhHz_7_W-P3o6zCi0LNG3DYUolRk/sendMessage?chat_id=1645099110

Targets

- Target
  
  dcec737bd7054fd760bb193c4d59d99032b944f6f18efdec6a848ebd85873a70N
- Size
  
  808KB
- MD5
  
  b6a154427f75f2e0edc5da88b31f40d0
- SHA1
  
  df1ed239ce77f7ec87525967b225b5345a7f1b93
- SHA256
  
  dcec737bd7054fd760bb193c4d59d99032b944f6f18efdec6a848ebd85873a70
- SHA512
  
  bddf783c46d1d94c4bfe41c70932603fc6a584cdc414580d50728dfc7aff51b7b59bf1bb94d7ce5806aa088cc1983b4109088bfe4f7d85e3122997a010f53963
- SSDEEP
  
  12288:uQTf/hqcDnBPzmfJctxJFjbCtUySTmaEzHQv:TQ8mfmbJN8oFMQv
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy