snakekeylogger | 709c71fa2737c0c2332e37349497bee8717c7a82facaff1dd877ec821e10927b

General

Target

709c71fa2737c0c2332e37349497bee8717c7a82facaff1dd877ec821e10927b
Size

792KB
Sample

241030-clxaaswjfm
MD5

4d1992aaf9cf5f84403ef9ca4b8e3ff7
SHA1

6b461d5668e97968d5b1c4344fde6f4281886cee
SHA256

709c71fa2737c0c2332e37349497bee8717c7a82facaff1dd877ec821e10927b
SHA512

4dc4179bf0bea66eef9191031de88f76e19396c70f731b1f94cb6899c0810e7e63b2fed45401ad7313d0b14a33303e99a7e05f2f2c4510daf5862c1978511d7b
SSDEEP

12288:T0z2ovno83RWeOvaR+rBZqJNbrFMj3OMWyqTNo/dMCAHel/VZVWuzR9h:TaPv/3RW/diXFMj37WyqTNoOCF7Vl3h

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8069991368:AAEDxeDrVuH4v6iEp_2FvvnhUUBR7gnXopg/sendMessage?chat_id=6048393012

Targets

- Target
  
  24602711 Inv_Or.exe
- Size
  
  1.1MB
- MD5
  
  9a3633d66c81d5a2929a9314bc15e04a
- SHA1
  
  9ac79d99e83bdfe71d876292fb48979d9f6572af
- SHA256
  
  0de41e3a816a005f0b35df372d0618253964b5be6945408d403e9b1292fb200f
- SHA512
  
  98d9af9350d4083a3593c0c98cacc315ba0274b4badd0ec9e4294046e5c350806f69be7a7cf0fe0fb2172e4f3b012a2bd324c15c9b9e38ad328195e269fe179e
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLL26iXWFsDsXbjVmUmG2/OE:f3v+7/5QLL2iaIrJma2/V
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2