Overview

overview

10

Static

static

5

dllhost.exe

windows7-x64

10

dllhost.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dllhost.exe

  • Size

    1008KB

  • Sample

    241003-g9gxqsyhpq

  • MD5

    46ce226283fb84a52a6a902fc7032363

  • SHA1

    c3bb1c73525de62dc7756ad40574ad6c6c148996

  • SHA256

    9f3a7c1a4cc7e6e68e610bdce33046edb090a648e362ab8d3df8ba72561e1482

  • SHA512

    36ea4f80512c7b20d1c34406b6bdd77f64831c4569d7cb4418d4904dffdb8d33e3b6e4f37fa2b949449c04569bd1f9dc3dd010027de288ab2f8ac9de02d4f34d

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLN79aNHTaJhN8ZgDlA1xgYE5t:f3v+7/5QLN7AZghcxgLX

Score
10/10
snakekeyloggercollectiondiscoverykeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.kotobagroup.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Kotoba@2022!

Targets

    • Target

      dllhost.exe

    • Size

      1008KB

    • MD5

      46ce226283fb84a52a6a902fc7032363

    • SHA1

      c3bb1c73525de62dc7756ad40574ad6c6c148996

    • SHA256

      9f3a7c1a4cc7e6e68e610bdce33046edb090a648e362ab8d3df8ba72561e1482

    • SHA512

      36ea4f80512c7b20d1c34406b6bdd77f64831c4569d7cb4418d4904dffdb8d33e3b6e4f37fa2b949449c04569bd1f9dc3dd010027de288ab2f8ac9de02d4f34d

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLN79aNHTaJhN8ZgDlA1xgYE5t:f3v+7/5QLN7AZghcxgLX

    Score
    10/10
    snakekeyloggercollectiondiscoverykeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks