snakekeylogger | 1640e87780b219eba703c734e68b0f5cf793bc94fe0cdf9121658d12bb1f9364

General

Target

1640e87780b219eba703c734e68b0f5cf793bc94fe0cdf9121658d12bb1f9364.exe
Size

931KB
Sample

241004-bhf88szemg
MD5

58ff14d476f2bbaab31b12587c09559e
SHA1

ea9c7ce65a67f2a2d4e1ca4a2c3ac6785021fc94
SHA256

1640e87780b219eba703c734e68b0f5cf793bc94fe0cdf9121658d12bb1f9364
SHA512

a75d4bd80620a9441783131812780397fb0c3b1c6d6b9147d65ece23d9cc9384c148f6c491794cfbc012c290e3266e06a76357b84141b843929a295c2649613a
SSDEEP

24576:ffmMv6Ckr7Mny5QLiFrZo5cPsD+tOM5m4dxEMP:f3v+7/5QLiFrZycPBOP6Eg

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.purityontap.com
Port:
587
Username:
[email protected]
Password:
mail55
Email To:
[email protected]

Targets

- Target
  
  1640e87780b219eba703c734e68b0f5cf793bc94fe0cdf9121658d12bb1f9364.exe
- Size
  
  931KB
- MD5
  
  58ff14d476f2bbaab31b12587c09559e
- SHA1
  
  ea9c7ce65a67f2a2d4e1ca4a2c3ac6785021fc94
- SHA256
  
  1640e87780b219eba703c734e68b0f5cf793bc94fe0cdf9121658d12bb1f9364
- SHA512
  
  a75d4bd80620a9441783131812780397fb0c3b1c6d6b9147d65ece23d9cc9384c148f6c491794cfbc012c290e3266e06a76357b84141b843929a295c2649613a
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLiFrZo5cPsD+tOM5m4dxEMP:f3v+7/5QLiFrZycPBOP6Eg
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2