snakekeylogger | c52971c46c99e061f335c762b06baced3b5f13815dbcac79143b5b3f3f7814f1

General

Target

e8988ad104148396f3bbc969c3e84a94.bin
Size

3KB
Sample

241027-b9373szkhm
MD5

913fe4602d285d617c7be1ad17712801
SHA1

6f73007847c350211fb66fb43233e4f011193a2f
SHA256

c52971c46c99e061f335c762b06baced3b5f13815dbcac79143b5b3f3f7814f1
SHA512

53a5cd08c8a37d36be245062ce69c03518227b0defa68cfb2c08b8dc039cd9f3c32ac50d016f8b68e76c8a0704bad6223bddbefcf7971895eac9b60cac2f4f25

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7936689263:AAFVbTtCpguyJIaEvOdJBx9Oj9n157mQOMA/sendMessage?chat_id=6008123474

Targets

- Target
  
  e83231fa6c8d4df75581b44faa0180bc822f28168e12ed7590ba8c06a879a55e.exe
- Size
  
  6KB
- MD5
  
  e8988ad104148396f3bbc969c3e84a94
- SHA1
  
  b2f862133633e4dd69debb0d12c926c7cfbfa29f
- SHA256
  
  e83231fa6c8d4df75581b44faa0180bc822f28168e12ed7590ba8c06a879a55e
- SHA512
  
  d736e729e6ea1b7d2a28bbb4da40b3b1202cfaed35ed0cfc883f249d8d61f9b89534fabb26ca27595c140bdb72131622aab4d5f3e12fed67eebc67a76282852e
- SSDEEP
  
  96:ItlJkasxKUdSgvFKruk4Z50q1NjY2CMOt50vplejzNt:Fx5SgvFG4HtjY2omvLel
Score

10^/10

discovery snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Suspicious use of NtCreateUserProcessOtherParentProcess

Drops startup file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2