snakekeylogger | 1b5f80400b3a1c576088617608134dc43954a3cb7a4e7c5e80cb2beeeae3cbfc

General

Target

1b5f80400b3a1c576088617608134dc43954a3cb7a4e7c5e80cb2beeeae3cbfc.exe
Size

1.1MB
Sample

241031-cmgw1axcmb
MD5

ed5414a7d78e7dcdcf0112e110e245f9
SHA1

f2531cc02361d98c2972f043e5ee84b76e704ac3
SHA256

1b5f80400b3a1c576088617608134dc43954a3cb7a4e7c5e80cb2beeeae3cbfc
SHA512

6a862d792916f141bf0c8132846a3ccb7252371ebcd4fd863efd2010839d8d2f1fdb209035dc64f7d425dfe8387bcc4ccd91e92034de1a8f3d6ceead2a973fd6
SSDEEP

24576:ffmMv6Ckr7Mny5QLODvZpV1GXmGijvcQHVbo2a:f3v+7/5QLOD/u2Giru2a

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7725731697:AAGDaS6uwtjyooOqJDAR7sd2PrRE4x2kmLI/sendMessage?chat_id=7711653069

Targets

- Target
  
  1b5f80400b3a1c576088617608134dc43954a3cb7a4e7c5e80cb2beeeae3cbfc.exe
- Size
  
  1.1MB
- MD5
  
  ed5414a7d78e7dcdcf0112e110e245f9
- SHA1
  
  f2531cc02361d98c2972f043e5ee84b76e704ac3
- SHA256
  
  1b5f80400b3a1c576088617608134dc43954a3cb7a4e7c5e80cb2beeeae3cbfc
- SHA512
  
  6a862d792916f141bf0c8132846a3ccb7252371ebcd4fd863efd2010839d8d2f1fdb209035dc64f7d425dfe8387bcc4ccd91e92034de1a8f3d6ceead2a973fd6
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLODvZpV1GXmGijvcQHVbo2a:f3v+7/5QLOD/u2Giru2a
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2