snakekeylogger | f1c78375e440265596e7ad6db872892cd19091b8d76ed62ed6cfad1439a827e5

General

Target

RFQ_List.r00
Size

827KB
Sample

241023-e2jegs1bpb
MD5

544226be9975703200cf3a489cd521f5
SHA1

08138baf4a5b0089b36e478065ef562d94008ad5
SHA256

f1c78375e440265596e7ad6db872892cd19091b8d76ed62ed6cfad1439a827e5
SHA512

c66f0349984adda859d6afef717139034bbc2510e27b347db2d73ba10f76af71551b54a9294aa03d3037bb269a5d25f40c04e9ac51ef283485065c0b3c142191
SSDEEP

12288:Fe0RFy8a2eLeopWD5gkVwh1zGuVMmjvpF516qxANpg1H3jSA0symTD4ewu3RkJSr:I0enTLlpIwPxWyX/bwg1XeA0dcou3Rui

Score

10^/10

Malware Config

Targets

- Target
  
  RFQ_List.exe
- Size
  
  905KB
- MD5
  
  27393ac93e0c60c934afa5ccdfc7c529
- SHA1
  
  e1989ce514efd53819be62e8aa4c51975da0b3e0
- SHA256
  
  66f7ca7287b5118119d8e6b8d55222d7662da16c12345a6122a28b64702ae69b
- SHA512
  
  672583e3937f3f5f5e84843913da032d5f6d6d32c759758e37710dff340973f9f0c77fb8f5b7b176b26edddec5851aa4902deb103b277b7403ea57d88292b438
- SSDEEP
  
  24576:dbusrIDaWLwBhB9XE/2D6lm7Pytae6/B1GX:SX8zB9XQ2gm7OjGB1GX
Score

10^/10

discovery execution snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Accesses Microsoft Outlook profiles
  collection
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Maidenliness.Hal37
- Size
  
  52KB
- MD5
  
  f80de07a4ce30153f8406db6a12af56e
- SHA1
  
  bbe21fa2d5c1c6f2cad16333a3d095547f3426d2
- SHA256
  
  510d5a55e94d189ab5afadb87a4fb0be42220646e2b2cb470511c3055c0eeba6
- SHA512
  
  248a69f2a9ba266d4a571646f2235f67833edf425f3a0350becd520cc941b556bccd863ec8270de81ee48dc91bcc8f5a9bc71e51a89fd4eed529c843f1e43428
- SSDEEP
  
  768:vmhC4iu9gl9h6rLL44XFeko5AQ5JX61IB5w0w9g5OrVrd3dRnxLNEAka8l5Zowvm:vmsJjw744FYwgw0wSgZp0Aka8lHosvY7
Score

8^/10

execution persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4