snakekeylogger | 7605dcd7b056353b913434a83f65aee2e9adf3b6eebe9dca3739000db53ddee3

General

Target

7605dcd7b056353b913434a83f65aee2e9adf3b6eebe9dca3739000db53ddee3.exe
Size

920KB
Sample

241019-b9frsazcne
MD5

86a2dbbbbb42f4bf586d9fedd863739a
SHA1

5bbb1d435db8946304af597fec929c4814fb9bee
SHA256

7605dcd7b056353b913434a83f65aee2e9adf3b6eebe9dca3739000db53ddee3
SHA512

b04f4b0a8f9648f55cd82071064d7a7154b72316302dc57d0e879c4a45cfcaeed4555755a1baab77cf79e910c0afc22e6ac9496a4d40830bdde0845a6d08ac23
SSDEEP

12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QL9Q59VzxdPxClzCUTXDbJPj/jLLK+PB:ffmMv6Ckr7Mny5QL9Q1zxJ253JrLLK+Z

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8129252196:AAFb_vUYwennKVolbwpXf3vnDfT_yhozHns/sendMessage?chat_id=7004340450

Targets

- Target
  
  7605dcd7b056353b913434a83f65aee2e9adf3b6eebe9dca3739000db53ddee3.exe
- Size
  
  920KB
- MD5
  
  86a2dbbbbb42f4bf586d9fedd863739a
- SHA1
  
  5bbb1d435db8946304af597fec929c4814fb9bee
- SHA256
  
  7605dcd7b056353b913434a83f65aee2e9adf3b6eebe9dca3739000db53ddee3
- SHA512
  
  b04f4b0a8f9648f55cd82071064d7a7154b72316302dc57d0e879c4a45cfcaeed4555755a1baab77cf79e910c0afc22e6ac9496a4d40830bdde0845a6d08ac23
- SSDEEP
  
  12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QL9Q59VzxdPxClzCUTXDbJPj/jLLK+PB:ffmMv6Ckr7Mny5QL9Q1zxJ253JrLLK+Z
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2