snakekeylogger | 15daae6aeec67c26bec847e3c26af738abf48f3f1b71dcf57e6871fec3c9b0e6 | Triage

Submit
Reports

Overview

overview

Static

static

1

63e970412f...5b.exe

windows7-x64

63e970412f...5b.exe

windows10-2004-x64

Sharing

General

Target

d2f01bfba149898d86d9f9b1344c871c.bin
Size

600KB
Sample

241103-b64z7s1gpq
MD5

3a60592dfc1d4ea6198f0a79a489a63c
SHA1

da6a8c14d36a6f189567a24fdc26ed99adac9a3e
SHA256

15daae6aeec67c26bec847e3c26af738abf48f3f1b71dcf57e6871fec3c9b0e6
SHA512

7493db490522b6d4383b6621d38138d945d18c764d182eb8e63eea94dd9e1cb567682e521bcb309409fa97106efdbbf66d873fe6851b58a0c7ce9495b35716e5
SSDEEP

12288:TdGJ9/4NoqRyUXrPj3UM/DDsXmw1a2sJe/NeTBRsVdTzWWzVC3TtEi/HWhsqOmjj:TdGJ9AoGXn3NUw7JeFeTM3TzWWzVutEN

Score

10^/10

snakekeylogger collection discovery execution keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

63e970412f2465ea620ac5a86a78584366a531b7c74f1755e8b3bab4a653c65b.exe

Resource

win7-20241010-en

snakekeylogger collection discovery execution keylogger stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

63e970412f2465ea620ac5a86a78584366a531b7c74f1755e8b3bab4a653c65b.exe

Resource

win10v2004-20241007-en

snakekeylogger collection discovery execution keylogger stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7692220058:AAHVndQO9RuaWbiX3k3pjx15TMCoeBS0WKU/sendMessage?chat_id=7342994424

Targets

- Target
  
  63e970412f2465ea620ac5a86a78584366a531b7c74f1755e8b3bab4a653c65b.exe
- Size
  
  880KB
- MD5
  
  d2f01bfba149898d86d9f9b1344c871c
- SHA1
  
  7002ec5c910a1883fd5c56aecf17c8182a175acb
- SHA256
  
  63e970412f2465ea620ac5a86a78584366a531b7c74f1755e8b3bab4a653c65b
- SHA512
  
  9607a66aa1f572504fa68ca6464cde5763c13e72ff66e1cb94bc8f1e8d4e6765390371664b18cfadc6954b21c711ac9f05c95dd6c38945d6f9ed2ce653237254
- SSDEEP
  
  12288:bEfVhpe/ijKZVn6fYpoW0eJRWmoaoTxAKScque4RJjBQ+60NAIJxT6t4kR:bEfVyijKZV6g+VeJRLVoTx4z/4RY6gv
Score

10^/10

snakekeylogger collection discovery execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

behavioral2

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy