snakekeylogger | 0c6c5383904005141b01e01dbbe5b324fff16e26f4309936bcce8976d1866cb8

General

Target

daaa8ac3995fb610eda2e52a639d191f.bin
Size

635KB
Sample

241018-cat1sszbqd
MD5

248daa04bc0786d88829ecc5693d71a0
SHA1

7cdc41218c3aca632c9518b6754f0582745284cf
SHA256

0c6c5383904005141b01e01dbbe5b324fff16e26f4309936bcce8976d1866cb8
SHA512

15d846a461e766e98be9274b85255ec6a818a15e32a7000ec846fae85a09fd31d2b1bb6b96b67ec5c89f6ef0f6f8654e59e807e70919343fa729a716aa8b1320
SSDEEP

12288:WHrMRjB1r2bYB86yZfKYABeOyVANyEnSwzeDUiBdAbk+gVsdZcuiW:06roYB86afKYAcOyqymGQiMw+gi4TW

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7913958792:AAFOhfKo5L7M50XG6odxxQQwJAeD3zGEuJU/sendMessage?chat_id=7004340450

Targets

- Target
  
  e82aa9f8f95f53d306db35e28e6fdd4dd16eba7d7437971f929d3cf5470267b7.exe
- Size
  
  935KB
- MD5
  
  daaa8ac3995fb610eda2e52a639d191f
- SHA1
  
  2a26a631b79878c461248d5c03a33fb312aedb05
- SHA256
  
  e82aa9f8f95f53d306db35e28e6fdd4dd16eba7d7437971f929d3cf5470267b7
- SHA512
  
  808c18d514439aead5759bd3d1bfbfb1b31cfb6c03a147db8525aa8f7dec30fb4b73a12b4e4310f97b9917f6513594d917184434f49ff9a5ee1870c46ae75157
- SSDEEP
  
  12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QL2wiaLQQbtWvZNrtLFAL6B2meNN0d:ffmMv6Ckr7Mny5QLL5b4l5N2mxd
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2