snakekeylogger | 302a0632a178a3d3b7f96cb8f53bfd66b17b53af200a343628b1bc7a34848b6c

General

Target

302a0632a178a3d3b7f96cb8f53bfd66b17b53af200a343628b1bc7a34848b6c.exe
Size

6KB
Sample

241101-da3hlstrb1
MD5

68d80151e3f57b7cfdab5fe78af83762
SHA1

df6af1e5e0c9320fedba1ea978a9e8848a8b1000
SHA256

302a0632a178a3d3b7f96cb8f53bfd66b17b53af200a343628b1bc7a34848b6c
SHA512

4d5d235da6bc8fc896989a69363e54a6edbbfb576b038e00d0ec93917728718c7dd88a1e179b66dd5a0ded1ecc0feb0b1d4b6da52c81eac4dcf0ced39ff64008
SSDEEP

96:r8QtGcl80de7I+p8Dzvj6oCQv4pblTDzNt:guF80deki8fL6PQv4nTF

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7698096781:AAGQLD6o1kzjfTe7ym-NWYz9KeQ-WUS_Q04/sendMessage?chat_id=6243598265

Targets

- Target
  
  302a0632a178a3d3b7f96cb8f53bfd66b17b53af200a343628b1bc7a34848b6c.exe
- Size
  
  6KB
- MD5
  
  68d80151e3f57b7cfdab5fe78af83762
- SHA1
  
  df6af1e5e0c9320fedba1ea978a9e8848a8b1000
- SHA256
  
  302a0632a178a3d3b7f96cb8f53bfd66b17b53af200a343628b1bc7a34848b6c
- SHA512
  
  4d5d235da6bc8fc896989a69363e54a6edbbfb576b038e00d0ec93917728718c7dd88a1e179b66dd5a0ded1ecc0feb0b1d4b6da52c81eac4dcf0ced39ff64008
- SSDEEP
  
  96:r8QtGcl80de7I+p8Dzvj6oCQv4pblTDzNt:guF80deki8fL6PQv4nTF
Score

10^/10

discovery snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Suspicious use of NtCreateUserProcessOtherParentProcess

Drops startup file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2