snakekeylogger | 31e7de8dd45b9c37d9835a6e0a1bd09442e5701c19dca26a6e75e4b73474e4b2

General

Target

31e7de8dd45b9c37d9835a6e0a1bd09442e5701c19dca26a6e75e4b73474e4b2
Size

1.1MB
Sample

241106-sqk1tsvmfr
MD5

18b0596c7fc1fa919e0f7f9b2ab359a9
SHA1

8d0abbec28810b31b7d595af187e7ad0fe48b2c0
SHA256

31e7de8dd45b9c37d9835a6e0a1bd09442e5701c19dca26a6e75e4b73474e4b2
SHA512

faf01847e74e70bb3be228b8c404ca9333ca339572a71c4c720948af5a9275fbb9f1b0b1f53006866a6afc8283e688128dedf4df71f6c3c126eb5a59bc12cdda
SSDEEP

24576:ffmMv6Ckr7Mny5QLyOiNRk37ui1L6myyUm5dDFMB:f3v+7/5QLgRUaA5yyr5dJMB

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7498931539:AAE8KHb70FueL6YmOOF6rhS3Z3o-F1rx6_A/sendMessage?chat_id=1178171552

Targets

- Target
  
  31e7de8dd45b9c37d9835a6e0a1bd09442e5701c19dca26a6e75e4b73474e4b2
- Size
  
  1.1MB
- MD5
  
  18b0596c7fc1fa919e0f7f9b2ab359a9
- SHA1
  
  8d0abbec28810b31b7d595af187e7ad0fe48b2c0
- SHA256
  
  31e7de8dd45b9c37d9835a6e0a1bd09442e5701c19dca26a6e75e4b73474e4b2
- SHA512
  
  faf01847e74e70bb3be228b8c404ca9333ca339572a71c4c720948af5a9275fbb9f1b0b1f53006866a6afc8283e688128dedf4df71f6c3c126eb5a59bc12cdda
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLyOiNRk37ui1L6myyUm5dDFMB:f3v+7/5QLgRUaA5yyr5dJMB
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2