snakekeylogger | 03461c2a07431aed5ff68bbcf42d7ef82f32190b44ba140befd3f474614b5f3d

General

Target

taskhostws.exe
Size

938KB
Sample

241017-rpea8atgqr
MD5

b47e4f366b08fe509c2a8f9ee7251f51
SHA1

3338dd3e335d1e8e6ee0d4c0c607248d333c25c1
SHA256

03461c2a07431aed5ff68bbcf42d7ef82f32190b44ba140befd3f474614b5f3d
SHA512

277032b371ca4992657c172995186b4593197a91c784e84b1b5652478d462b84792e8b10480ecf0eb05e4ce4130575c59f0f14d197d4e0d77c70c0bd6989aaec
SSDEEP

24576:ffmMv6Ckr7Mny5QLLxANAeGFvgGZ7O1nk5ns:f3v+7/5QLtWAeG6GUC5ns

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7913958792:AAFOhfKo5L7M50XG6odxxQQwJAeD3zGEuJU/sendMessage?chat_id=7004340450

Targets

- Target
  
  taskhostws.exe
- Size
  
  938KB
- MD5
  
  b47e4f366b08fe509c2a8f9ee7251f51
- SHA1
  
  3338dd3e335d1e8e6ee0d4c0c607248d333c25c1
- SHA256
  
  03461c2a07431aed5ff68bbcf42d7ef82f32190b44ba140befd3f474614b5f3d
- SHA512
  
  277032b371ca4992657c172995186b4593197a91c784e84b1b5652478d462b84792e8b10480ecf0eb05e4ce4130575c59f0f14d197d4e0d77c70c0bd6989aaec
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLLxANAeGFvgGZ7O1nk5ns:f3v+7/5QLtWAeG6GUC5ns
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2