snakekeylogger | ec9a9ab95cb6cbb2b4b47bade918dda482d919f9d80613f6efd23bcfdf36e484

General

Target

dekont_001.pdf.z
Size

35KB
Sample

241028-pcfx6swqhx
MD5

ac08485c15ce644e92948008f70146fa
SHA1

3a05e30f12deaedb1ac1550c08d2bad01228a7dd
SHA256

ec9a9ab95cb6cbb2b4b47bade918dda482d919f9d80613f6efd23bcfdf36e484
SHA512

92f00fafaa498f85059d9c01cb28503060f0026c0bd3db82ba316c93dd6dc31ba7b12db5754f67be21696dee082119ea7ac6a918d5ef006bc3fa20e9d6b8a5c1
SSDEEP

768:zghOxz89WSHf93rW3/KXJEgYSiQe78tRdyIVBZjMhZngMCfRW008:zghkzaWwNrGCXSvz7MyuBMf3AW6

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8007960326:AAFswhlAovIYra6y-Z3vk6uZa4lj11jIino/sendMessage?chat_id=6008123474

Targets

- Target
  
  dekont_001.pdf.exe
- Size
  
  74KB
- MD5
  
  d998da7be623b6299e9257fcf5f80e3e
- SHA1
  
  91d22e36b0aa0484136b1ee6ae17abb1f4963927
- SHA256
  
  4bb7ad555a0641fd9020b58ac7fdeb4eab618214f056a489739ad6aa91f528ae
- SHA512
  
  2c842a461f28225f1cb87a7a904593789f22e5a8f4a33c4b445b0c50c8e07b52b708b670b110ac006be5c997dc8d5b20bf874448abaaeb7a8f817f9f839df597
- SSDEEP
  
  1536:s2bQcZBZbO8nKwK3Px4wSa43VZFnWFCH2n8yIejHBoswZDg7uj:s2bQF8CPbS71WFCW00HqswRgG
Score

10^/10

discovery snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Suspicious use of NtCreateUserProcessOtherParentProcess

Drops startup file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2