snakekeylogger | 0bb05b89da1cb1513aedce4415408f654b32a4f5d081fb7a4c5b997ac48e160c | Triage

Submit
Reports

Overview

overview

Static

static

3

QUOTATION_...DF.scr

windows7-x64

QUOTATION_...DF.scr

windows10-2004-x64

Sharing

General

Target

1.lha
Size

57KB
Sample

241029-kzwjxsterm
MD5

a0b4f356a44bcddee01703b532e8d3a2
SHA1

6ef84650d79b4824731e8282bc62a1220441e58b
SHA256

0bb05b89da1cb1513aedce4415408f654b32a4f5d081fb7a4c5b997ac48e160c
SHA512

ce47f27f08e32b37650ab75e9ed0b62bf57766114e7d79094b66915a3908fa91a620cf7ac3d1af9a6776297c87ab693e4cea92d9c12630ae14e2f199f8c8d19d
SSDEEP

1536:Lc1wQO3m44A/adztYBOIMfRmgn1d4EVEktLEy24zIieDxuW:Q04cMYBOpDQEjauWwW

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTATION_OCTQTRA071244PDF.scr

Resource

win7-20241010-en

snakekeylogger collection keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTATION_OCTQTRA071244PDF.scr

Resource

win10v2004-20241007-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
G!!HFpD6EwDq*nF

Targets

- Target
  
  QUOTATION_OCTQTRA071244PDF.scr
- Size
  
  125KB
- MD5
  
  e9a2c17b37cfb66088f1c261834f8dbd
- SHA1
  
  f0fc8ffd74ab3fbb52e5eedef96407d23e333832
- SHA256
  
  0545c9611fe99f78d484cab41ed01baaf0eadbaa0d9f9a2cca9ba22189a379dd
- SHA512
  
  e77630b5e896f176f68ca5199a30d1f8e992d55fe16a6964be5e01a8775fe76f01bd5d86769e702641e8ec7236b189c77d6c611c497ce04d196cec0879fd6f41
- SSDEEP
  
  3072:YzTNsTPlzKz98Jt8kpNIv6tshyqpDx6471R:YzTGDlzFJt8MNIv6tb2
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy