snakekeylogger | 8faa7e9a056ae7d581ce9c0ebcc966667dcf433f29443912da3d9026ca51c548 | Triage

Submit
Reports

Overview

overview

Static

static

3

Curriculum Vitae.exe

windows7-x64

Curriculum Vitae.exe

windows10-2004-x64

Sharing

General

Target

17102024_0043_16102024_Curriculum Vitae.zip
Size

482KB
Sample

241017-a3fmrssepf
MD5

1470b782e0ab233029a607cbead0cbed
SHA1

244f6537a7db5f598dba6fb95b75b0427068f0dc
SHA256

8faa7e9a056ae7d581ce9c0ebcc966667dcf433f29443912da3d9026ca51c548
SHA512

109244b80fb3612b25ff6a83fe820cabe92921d0465a147ae23fcf2c853095ce52f99e9579c162e37a0a58bfd1a55365af01818999ccb81eb55f97c03fc3e229
SSDEEP

12288:hark4WIHXwM06YE0gFbbD9QcY1XadjYbpDU4vN9K+Q6X:bIf9Fb1a1Xay1DU5+Qa

Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Curriculum Vitae.exe

Resource

win7-20240903-en

snakekeylogger collection discovery keylogger spyware stealer

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

Curriculum Vitae.exe

Resource

win10v2004-20241007-en

snakekeylogger collection discovery keylogger spyware stealer

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7719054034:AAHonYJDOpWskt5QdgdvYe662dLuhtscDqw/sendMessage?chat_id=6370711846

Targets

- Target
  
  Curriculum Vitae.exe
- Size
  
  523KB
- MD5
  
  af77754954cf982f4933912076058481
- SHA1
  
  a05dc147aee7e9e639b466014f01b9c4f6fc4e9a
- SHA256
  
  60c02fe06b1245384055747b14c0c5af879c0973ff23c7701a45fd92372bf631
- SHA512
  
  b433225c30967069965bef2aa441d1efc95cfd62269d181016495567f83d462c76cb4724479460174aae53062a11717f93b0ba9355d3ab1138447fc61f23f5bf
- SSDEEP
  
  12288:Os/QWwxkbCSCLKgmbz9QU2FXSZjMb1Vss6qrd4ySL:OsHnbAmt+FXSW5Rrd4yS
Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

behavioral2

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

© 2018-2024

Terms | Privacy