snakekeylogger | 760772bf0771f917079b11c18b10741ae0cd6c1ee3ef5cc4737b0f03a7114025

General

Target

7437a3e4149fcbeae7a68758b2834986.bin
Size

73KB
Sample

241103-bttnpstpcj
MD5

ba4b0099c92bef961b59a84a6488b093
SHA1

6139cced85e668722899dde8317c93b4ae6948e6
SHA256

760772bf0771f917079b11c18b10741ae0cd6c1ee3ef5cc4737b0f03a7114025
SHA512

95f14bb9434cc5c73e5505de457f7a403ed51ec0eb9b2363a6067e964307632b4c9da6f0af6dfdca5f7f977fd06b5f76581e42db9273e5d5df30856787994f7a
SSDEEP

1536:qzuWKhmb9EN6XNXgy/HzON91Dlmyr97NYX9S/:qfKhmmN66Ugpln7Niw/

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
P!^%ce*gxf$QyA

Targets

- Target
  
  27ffcd71286d5f2f958df742165ff8995288de83072b65d6415d1ed8db0a3aba.exe
- Size
  
  163KB
- MD5
  
  7437a3e4149fcbeae7a68758b2834986
- SHA1
  
  a799bf651a1c4c0d9ec705b6e1d9ae5903fb1546
- SHA256
  
  27ffcd71286d5f2f958df742165ff8995288de83072b65d6415d1ed8db0a3aba
- SHA512
  
  7576dba8a912ac7ca61165285008a13eb8f69544de4e6f663e578ef14250f58296a78831d8a1f70752ac8d042d71b0dc2cd59217ccb2efa14df3a92dc1b1da46
- SSDEEP
  
  1536:GpuePk4jSYamBPGoy9lKPwMYtryr3B+oc5PpLciER4xD7HlrDh6zJT/+GXWprEB3:VTY690ppQKUD0zJTmkWpAay4kzwOCO
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2