snakekeylogger | de2494d3561db7ebc523007a5ebaaf8c5118659e4e823e6eedac4d89f0f59389

General

Target

de2494d3561db7ebc523007a5ebaaf8c5118659e4e823e6eedac4d89f0f59389.z
Size

782KB
Sample

241025-cxzjsstanq
MD5

47286e2f2e2515e60d433f75304d388a
SHA1

dca41695144d0f32cd9ba3e1fa9ad93683f7f12e
SHA256

de2494d3561db7ebc523007a5ebaaf8c5118659e4e823e6eedac4d89f0f59389
SHA512

08af79ca2fc9fe172ca8c455932528a1c9356f277c2a5dc138e7b02d5ba9d1dc52cdcd936d09fd0e5b6cc5675ecdedcea7175bd9e479c87ed199b0bedab2c472
SSDEEP

24576:5gDpIwyh6YECpbDS04NwGgr0sYF6CyHUNU:Kjc64ZDSxN3q0sYF6CyHMU

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7754092182:AAFhYG1ixwJ3gbkMI8P9ofyeJ8nQ3W5NoAU/sendMessage?chat_id=6008123474

Targets

- Target
  
  SIPARIS-290124.PDF.exe
- Size
  
  1.1MB
- MD5
  
  d4210ccbd1645f4b055035b206594685
- SHA1
  
  6e4b56c0b706d4521145fc729c211212523ddcea
- SHA256
  
  5f5a3703983e3f2a5831a406e4f7a5d04b7564124aa13209482af4d628745634
- SHA512
  
  86009b9f0a2c59bc1b093f83b9a77e149dd6509d1df5eb5cb9c8b312e558c787995afbbdcb5b2b3642ff5314ea919293727bb54eea2e61e481445ce12fefc204
- SSDEEP
  
  24576:kfmMv6Ckr7Mny5QNdyh31VtTsEBD74232KGV7Z:k3v+7/5QNdybng232KY
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2