snakekeylogger | 0ebccd5531930fa72ce03fd3e5670c8e93f1500d1303f7e2d08c6703746440b6

General

Target

Qyfdikbgtuo.7z
Size

575KB
Sample

241010-a575ssyaqr
MD5

b20974c6fb27c7625d83ab0c2aac78d4
SHA1

8b1058fb099ec07b61d51259e0d4cc053e43c02f
SHA256

0ebccd5531930fa72ce03fd3e5670c8e93f1500d1303f7e2d08c6703746440b6
SHA512

413bac4d064f51250cbf0833edb87b26680d2b0d6f02692e50daaf6c23d3faa9c3e500b2a870ae72dd8baf2a650c853a4bc25387df93224de7b2baec5bd5ab60
SSDEEP

12288:wUPVfPEAk0bBilcw/H9ZW69yagXHEv2v6WlugYW8M6atD:TXk0FilX1M6ITvflD84tD

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
pakcentar.ba
Port:
587
Username:
[email protected]
Password:
Almir.KardasPC!18_
Email To:
[email protected]

Targets

- Target
  
  Qyfdikbgtuo.exe
- Size
  
  924KB
- MD5
  
  39fe6aa3bfcf971e363ec7865079fa05
- SHA1
  
  7f97b49491bcda0402a02d0a1946b0853c507d6e
- SHA256
  
  a6f6e18a65c1b0247944a3d52d26d7616290ef28c8aba5b48253d125887e83dc
- SHA512
  
  46f3ea719488dc5a847baafb2e581f45845dd0fb902d7bcf50f6d865d1730d14d8d55b481be5f3be0be879766486e500ef5813d86bde7dc230d0dab90d2db40b
- SSDEEP
  
  12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLwlVZGnxitFM+pJiADs/3FzmaE:ffmMv6Ckr7Mny5QLbnHYius1mL
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2