snakekeylogger | 6d56700e490fbb082d3ff3fbde1bdb8404c0dd033e05a0e6b63d649bb06b03c0 | Triage

Submit
Reports

Overview

overview

Static

static

3

Qaovmgmn.exe

windows7-x64

7

Qaovmgmn.exe

windows10-2004-x64

Sharing

General

Target

Qaovmgmn.exe
Size

1.1MB
Sample

241015-sd9hnavekj
MD5

2fcc31707bfa6f3b9a82ef482e81f08f
SHA1

f820b95c7e9d10d951c3d48c2b491b64ed274534
SHA256

6d56700e490fbb082d3ff3fbde1bdb8404c0dd033e05a0e6b63d649bb06b03c0
SHA512

1cfa47e1a602467386b11f86a67252046cad119f378c2f09362efe60c7a9ce8e6ba26dd452d87e9dd6f7c1de00682a986495f4ec3708c15440441592a65fcbb9
SSDEEP

24576:Pt4rexG2D35fmUw5UpCZI3M3xr7KT8LwcCouwvxA688j:V4rexG2D3nw6pCZyMhvKrrTQxAl8j

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Qaovmgmn.exe

Resource

win7-20240903-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Qaovmgmn.exe

Resource

win10v2004-20241007-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7733918918:AAEtGoUvhJXT-4wtbogjQ__0KDlSf2pw6MQ/sendMessage?chat_id=7969902771

Targets

- Target
  
  Qaovmgmn.exe
- Size
  
  1.1MB
- MD5
  
  2fcc31707bfa6f3b9a82ef482e81f08f
- SHA1
  
  f820b95c7e9d10d951c3d48c2b491b64ed274534
- SHA256
  
  6d56700e490fbb082d3ff3fbde1bdb8404c0dd033e05a0e6b63d649bb06b03c0
- SHA512
  
  1cfa47e1a602467386b11f86a67252046cad119f378c2f09362efe60c7a9ce8e6ba26dd452d87e9dd6f7c1de00682a986495f4ec3708c15440441592a65fcbb9
- SSDEEP
  
  24576:Pt4rexG2D35fmUw5UpCZI3M3xr7KT8LwcCouwvxA688j:V4rexG2D3nw6pCZyMhvKrrTQxAl8j
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy