snakekeylogger | 80b9bfa671f8626c76da94f0f39a03987278bd32e40851068a399bc69a4e05ca | Triage

Submit
Reports

Overview

overview

Static

static

1

greatthing...od.hta

windows7-x64

greatthing...od.hta

windows10-2004-x64

8

Sharing

General

Target

greatthingswithgreatideasgivenmerestthignstgood.hta
Size

130KB
Sample

241023-gtq6gawfrp
MD5

b507badbce69dc67d803b7f3b1385036
SHA1

b15c7634732a783b64414505ac4a5c095405f886
SHA256

80b9bfa671f8626c76da94f0f39a03987278bd32e40851068a399bc69a4e05ca
SHA512

a844a487906193c9265b67d7f3b1b617de3f227c205e043a1238cca7dbb9c1782480b001bd68de97cc86597e13205466bd433771b681d9b64bb4404f67f1abd3
SSDEEP

96:Eam7xBVS9Mrv6VS9qrvpDCFl/Aoy58VS9sVS9QSrvdVS967T:Ea2xBQ9Gv6Q9wvaoiQ9sQ9QIvdQ9QT

Score

10^/10

snakekeylogger collection defense_evasion discovery execution keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

greatthingswithgreatideasgivenmerestthignstgood.hta

Resource

win7-20241010-en

snakekeylogger collection defense_evasion discovery execution keylogger stealer

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

greatthingswithgreatideasgivenmerestthignstgood.hta

Resource

win10v2004-20241007-en

defense_evasion discovery execution

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8129252196:AAFb_vUYwennKVolbwpXf3vnDfT_yhozHns/sendMessage?chat_id=7004340450

Targets

- Target
  
  greatthingswithgreatideasgivenmerestthignstgood.hta
- Size
  
  130KB
- MD5
  
  b507badbce69dc67d803b7f3b1385036
- SHA1
  
  b15c7634732a783b64414505ac4a5c095405f886
- SHA256
  
  80b9bfa671f8626c76da94f0f39a03987278bd32e40851068a399bc69a4e05ca
- SHA512
  
  a844a487906193c9265b67d7f3b1b617de3f227c205e043a1238cca7dbb9c1782480b001bd68de97cc86597e13205466bd433771b681d9b64bb4404f67f1abd3
- SSDEEP
  
  96:Eam7xBVS9Mrv6VS9qrvpDCFl/Aoy58VS9sVS9QSrvdVS967T:Ea2xBQ9Gv6Q9wvaoiQ9sQ9QIvdQ9QT
Score

10^/10

snakekeylogger collection defense_evasion discovery execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Evasion via Device Credential Deployment
  defense_evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondefense_evasiondiscoveryexecutionkeyloggerstealer

behavioral2

defense_evasiondiscoveryexecution

© 2018-2024

Terms | Privacy