snakekeylogger | 074c9862124fdbf3ee29c3e1f3e5c05f88dfb2ddc741269ebc4c36592dcd98eb

General

Target

074c9862124fdbf3ee29c3e1f3e5c05f88dfb2ddc741269ebc4c36592dcd98eb.rar
Size

737KB
Sample

241107-cg45catbrq
MD5

e5af89cc33334f578ea074755488a0dc
SHA1

78b4a45c890bb21b1e5c16d84320c55d2da266f6
SHA256

074c9862124fdbf3ee29c3e1f3e5c05f88dfb2ddc741269ebc4c36592dcd98eb
SHA512

92572cdc47021326a6c8e6153be2c02ad4f3019e13bae921835f7fdf20e84739c5d483d398af38e8e7d3bc0f0fdac6ae61b60502c31e1e2ea27c2264c85fdc1f
SSDEEP

12288:kJHnDWqPfnRKqZlrnTshj4Ja140hfuXjSInrsF4RenrIjJe+SnU6:kFnJRXZlrnYhcJx0hSjXngTrEebU6

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7602241848:AAGOG1RAiVBKad-IMDgRf04J_SQO8x6g-hI/sendMessage?chat_id=5302361040

Targets

- Target
  
  Offer-7839373637-8839373-Quote8992832.exe
- Size
  
  767KB
- MD5
  
  21a5378b2c78f66fff23ec764cba65f2
- SHA1
  
  94e2921a8a2e47611c936235b5ba03feecf00fff
- SHA256
  
  b23119bb95d44f50e52555f51c9931389d3d559b9f74e34041e9fa6bc2b7f481
- SHA512
  
  885aaec0dea4fbf8d46da71bb34f776a8f212e99bf7da7082ef312a1936d46d5b59327c5650a50582df474cae7174dfafe3fa606876d218501f02cd3a25e05d0
- SSDEEP
  
  12288:bMwhYlU9blucsKZ1XjfCTD/qp0xmk9qPARcQFY9fcNLqH66cOsFoTvGU5ZqLm:bMwhY+9blYKPGZx0PARxFWfcFqal/F4X
Score

10^/10

discovery execution snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Saganashes.Com
- Size
  
  51KB
- MD5
  
  86971efe48eae4401b734e86152c12aa
- SHA1
  
  93376b7df5fa9f5d363e263dd898b86e42e40ec0
- SHA256
  
  8e626d6dc0bb24ed272eaec732b70f81e306c38eba28df9e96ce78d61a75e455
- SHA512
  
  a04489dfa81e2fe20f1a8f07c562ed4a05f85b74d5745d6cb712252a46f997a7de6c9f11c3fa902c7c7b03f6ff8596e89e064c251b6a348dfb0d3b7ff6a02455
- SSDEEP
  
  768:AN4iitGvtxOdn/KpRVkmzfjoAPPSQJorIsqd1d4FdJF9wBYExO4u5lwSnuzC:C6o7kn/KdHdf2rtC1d42BYExOT5lwQ
Score

8^/10

execution persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4