snakekeylogger | 9c0fffab4e65b24adb9a0d551b61752ffdf4cd82b1532e4a3c0a4c1a516a1d52

General

Target

9c0fffab4e65b24adb9a0d551b61752ffdf4cd82b1532e4a3c0a4c1a516a1d52.exe
Size

519KB
Sample

241009-n6bd4sybqe
MD5

5b40b3e70bbd3834bc99fb6aa2be15fa
SHA1

3492043b138f33ac49a866d2e529b4a416e91fbf
SHA256

9c0fffab4e65b24adb9a0d551b61752ffdf4cd82b1532e4a3c0a4c1a516a1d52
SHA512

e92ef73e560322277df9cd880d70d0fc9bbc9df15459027059b94a7affafbfb083506e93e2c742c884e19d735c15ef3b6010eadeec19722a8fc71dc960885bfd
SSDEEP

12288:Ho37Yb1IFBY8fAoI66WOTgrVSAaOkbhErUOpJMVdtTJx:I37YWzsoDKgrWOeErLSp

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7103143262:AAG465MUhsk82xbAoiKNfXs-PGi4dmGgzyE/sendMessage?chat_id=7337843299

Targets

- Target
  
  9c0fffab4e65b24adb9a0d551b61752ffdf4cd82b1532e4a3c0a4c1a516a1d52.exe
- Size
  
  519KB
- MD5
  
  5b40b3e70bbd3834bc99fb6aa2be15fa
- SHA1
  
  3492043b138f33ac49a866d2e529b4a416e91fbf
- SHA256
  
  9c0fffab4e65b24adb9a0d551b61752ffdf4cd82b1532e4a3c0a4c1a516a1d52
- SHA512
  
  e92ef73e560322277df9cd880d70d0fc9bbc9df15459027059b94a7affafbfb083506e93e2c742c884e19d735c15ef3b6010eadeec19722a8fc71dc960885bfd
- SSDEEP
  
  12288:Ho37Yb1IFBY8fAoI66WOTgrVSAaOkbhErUOpJMVdtTJx:I37YWzsoDKgrWOeErLSp
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Checks computer location settings

Deletes itself

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2