snakekeylogger | c96e091229eec51822b4c0c68d0daa1da078eba483288a76ff057dee69ad83d8 | Triage

Submit
Reports

Overview

overview

Static

static

3

Order.scr

windows7-x64

3

Order.scr

windows10-2004-x64

Sharing

General

Target

c96e091229eec51822b4c0c68d0daa1da078eba483288a76ff057dee69ad83d8
Size

13KB
Sample

241017-1g27ra1cjp
MD5

7ca73a63df39da567562cdaa707a5249
SHA1

15ab36482df7d17e299909048799ee092ef9086c
SHA256

c96e091229eec51822b4c0c68d0daa1da078eba483288a76ff057dee69ad83d8
SHA512

3638b3d326805fd17a0b699075d9fa0790d9daef8772743e6966265f434ba45544c42847f569ab367980032a561d1ccfa50de97db2eeaeb9792579624a765788
SSDEEP

384:25vjTPx8zCJmcxyhsO/m2l5LXQ4+9wniaiUhu:2h1/Eskm2l5LdSwniathu

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Order.scr

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Order.scr

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7662274889:AAGmLpUAq41adIZH12LVtlSBknhfnx9iQ2g/sendMessage?chat_id=2052461776

Targets

- Target
  
  Order.scr
- Size
  
  30KB
- MD5
  
  92002022597e82d1f55b44485eaa6d9a
- SHA1
  
  4060c0791d1fefe8acfa60d2536e9dee9ab18f39
- SHA256
  
  96a94431297aca233cf3b52f2d0a72de4ecf61ddbd4423b6136bb66994db63c6
- SHA512
  
  fbe7380c7709379b004736deb03427315655325ceae816afc5307c8952e44dbff3dbb4d2ea6fe41a1f86362d2348f95af55af33e2fac242b93303e5cccc15757
- SSDEEP
  
  384:BvsfUqBjboyl5DONlPHrDi11nsV9G7AZWgOAKFjaxyBctRsQYSePeLUOoeHdbwcU:lxqBv7pIPnksG7IKFGCeQzO++G6+Is
Score

10^/10

discovery snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy