snakekeylogger | dcf3ebaa281f05217097685b485ab9b56711ed87679cf755ee82ebfa4479c01e | Triage

Submit
Reports

Overview

overview

Static

static

3

dcf3ebaa28...eN.exe

windows7-x64

dcf3ebaa28...eN.exe

windows10-2004-x64

Sharing

General

Target

dcf3ebaa281f05217097685b485ab9b56711ed87679cf755ee82ebfa4479c01eN
Size

526KB
Sample

241009-3jtz9s1dpf
MD5

d25d303ca9ec88e005cbab9f35d4d210
SHA1

3c037df248b5b25e139cc7fc6142e6cd371446a3
SHA256

dcf3ebaa281f05217097685b485ab9b56711ed87679cf755ee82ebfa4479c01e
SHA512

fe416e58f5f32c7807bba84bd3c33376130a841e89afc7b4c3fd10d38c779d1fb1636a4f85501d69e99e8b9aca06ec65538667daa64ccdb259522e584feb00c1
SSDEEP

12288:xf0D4BQWzdAUxsfSWSLne4ZdzkpnRmkYwhX83X4Nu1jW:xhQQZxmoze47KRmkYwxmXk6S

Score

10^/10

snakekeylogger collection discovery execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dcf3ebaa281f05217097685b485ab9b56711ed87679cf755ee82ebfa4479c01eN.exe

Resource

win7-20240903-en

snakekeylogger collection discovery execution keylogger stealer

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

dcf3ebaa281f05217097685b485ab9b56711ed87679cf755ee82ebfa4479c01eN.exe

Resource

win10v2004-20241007-en

snakekeylogger collection discovery execution keylogger stealer

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6515689087:AAEnerpIS1xuf83Wz7mf2-PPkvlmor9Mt7U/sendMessage?chat_id=1015404316

Targets

- Target
  
  dcf3ebaa281f05217097685b485ab9b56711ed87679cf755ee82ebfa4479c01eN
- Size
  
  526KB
- MD5
  
  d25d303ca9ec88e005cbab9f35d4d210
- SHA1
  
  3c037df248b5b25e139cc7fc6142e6cd371446a3
- SHA256
  
  dcf3ebaa281f05217097685b485ab9b56711ed87679cf755ee82ebfa4479c01e
- SHA512
  
  fe416e58f5f32c7807bba84bd3c33376130a841e89afc7b4c3fd10d38c779d1fb1636a4f85501d69e99e8b9aca06ec65538667daa64ccdb259522e584feb00c1
- SSDEEP
  
  12288:xf0D4BQWzdAUxsfSWSLne4ZdzkpnRmkYwhX83X4Nu1jW:xhQQZxmoze47KRmkYwxmXk6S
Score

10^/10

snakekeylogger collection discovery execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

behavioral2

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy