snakekeylogger | a8cd5c47ee3a3eaec51c591ff3f906aea427c275872fa4a3df9d66d6c884068b | Triage

Sharing

General

Target

a8cd5c47ee3a3eaec51c591ff3f906aea427c275872fa4a3df9d66d6c884068b.r01
Size

1.5MB
Sample

241009-ckg4zswhrh
MD5

82b2787af212dc27450a0c0625e88566
SHA1

f6b6f0a6aeadaeffa02115ad79eedc876cef325b
SHA256

a8cd5c47ee3a3eaec51c591ff3f906aea427c275872fa4a3df9d66d6c884068b
SHA512

8b94be8bab780d41316adaabc3edad83326ccedcd01669341791e6de800e4ef170e16afb1e73183055cb8c98ece30369bc999a02339ee6c736cdc675fed68e52
SSDEEP

24576:ULxSwZxjEo/MV4GZqePEktJICWRuluDg5qMXbocPzI2kQwUxqTxzQGBqLZw9VCam:SSwDPW4shMkLWRuoDgPXbomrkQJMTJQf

Score

10^/10

snakekeylogger discovery keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
webmail.setarehatlaspars.com
Port:
587
Username:
[email protected]
Password:
Set@reh1398
Email To:
[email protected]

Targets

- Target
  
  liquidação de fatura de pagamento.exe
- Size
  
  2.3MB
- MD5
  
  383574fcb2a1b030666cb7c3be603445
- SHA1
  
  2fcf52b141d329798d4d9c6fc1c2b3326a8ccdc9
- SHA256
  
  b0a9e6a7deccda1f29e48f243f15e225f59e9fe11e7ce25f9433e3f8d233ad6c
- SHA512
  
  92f6bbb31d94f72e3fdf1396270563647f22f853828658ab9843616cb2d534ce2b3081df87bb2129bee267cfa83f8aaa7dfaf447a8d104a6c89ef049a4562e8a
- SSDEEP
  
  24576:XNw5wQb8vxzKM8LKbaxrNzlEUBFs6JYH2oDXPtJv55njhYzuyKpraS7FFX:XNQbNEaxrNzl5FYJLtpxwuyuF
Score

10^/10

discovery persistence snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

snakekeyloggerdiscoverykeyloggerpersistencestealer