snakekeylogger | 899dc226fa35da5923b2c6e6e0b90834dd1ea0b4d2e156a6bc99acd1a183a2d4

General

Target

899dc226fa35da5923b2c6e6e0b90834dd1ea0b4d2e156a6bc99acd1a183a2d4.exe
Size

130KB
Sample

241111-qvnw6szdjn
MD5

fd4302cdfacbc18e723806fde074625b
SHA1

6d1d8197029f5d5f0ad961178db8574fefb7a65b
SHA256

899dc226fa35da5923b2c6e6e0b90834dd1ea0b4d2e156a6bc99acd1a183a2d4
SHA512

a2f2bc0ca6b815545062c1c5536e858a9eda7ddca0fa4bc4905bb99f0451111ebe7e5a28f59cbc1abc782c8e6c7c8f2d9108eff2f6da5c2afec08c7b52ff34aa
SSDEEP

3072:d+XlnyGeKXVgLNIv4eYb5NtNsLEqwvxdqgbY:GnyTk49bvLzb

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
zulpine.shop
Port:
587
Username:
[email protected]
Password:
dkA6kDAnLHNg
Email To:
[email protected]

Targets

- Target
  
  899dc226fa35da5923b2c6e6e0b90834dd1ea0b4d2e156a6bc99acd1a183a2d4.exe
- Size
  
  130KB
- MD5
  
  fd4302cdfacbc18e723806fde074625b
- SHA1
  
  6d1d8197029f5d5f0ad961178db8574fefb7a65b
- SHA256
  
  899dc226fa35da5923b2c6e6e0b90834dd1ea0b4d2e156a6bc99acd1a183a2d4
- SHA512
  
  a2f2bc0ca6b815545062c1c5536e858a9eda7ddca0fa4bc4905bb99f0451111ebe7e5a28f59cbc1abc782c8e6c7c8f2d9108eff2f6da5c2afec08c7b52ff34aa
- SSDEEP
  
  3072:d+XlnyGeKXVgLNIv4eYb5NtNsLEqwvxdqgbY:GnyTk49bvLzb
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Checks computer location settings

Deletes itself

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2