snakekeylogger | 97aa70078b62693b212b1b210268a10fe423294f7ca03f922fe160a4708dfc91 | Triage

Submit
Reports

Overview

overview

Static

static

3

97aa70078b...91.exe

windows7-x64

97aa70078b...91.exe

windows10-2004-x64

Sharing

General

Target

97aa70078b62693b212b1b210268a10fe423294f7ca03f922fe160a4708dfc91.exe
Size

532KB
Sample

241113-c65r6svgrn
MD5

f4943d4f40cf9c1cee2f32c17e365837
SHA1

b428d56e3f8d2afc032a8c21f21e27d9125ea2f2
SHA256

97aa70078b62693b212b1b210268a10fe423294f7ca03f922fe160a4708dfc91
SHA512

64a30927a5fb6843aa4188abb3607796797648f963e86a78dab5be0026cd5a6995d3488c096ae4f61d6e5a0294d5086cfca18dac20025a0e03b80257d31c6367
SSDEEP

12288:CX0nsD1jq2+ZlFfqLaP+I5sHaeV5WbsYnd425uGD6:CkncqPwINreKAYX5uG

Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

97aa70078b62693b212b1b210268a10fe423294f7ca03f922fe160a4708dfc91.exe

Resource

win7-20240903-en

snakekeylogger collection discovery keylogger spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

97aa70078b62693b212b1b210268a10fe423294f7ca03f922fe160a4708dfc91.exe

Resource

win10v2004-20241007-en

snakekeylogger collection discovery keylogger spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7985379579:AAFFNXAHJz6n24A6xEGgMMms826UxvjorNA/sendMessage?chat_id=6370711846

Targets

- Target
  
  97aa70078b62693b212b1b210268a10fe423294f7ca03f922fe160a4708dfc91.exe
- Size
  
  532KB
- MD5
  
  f4943d4f40cf9c1cee2f32c17e365837
- SHA1
  
  b428d56e3f8d2afc032a8c21f21e27d9125ea2f2
- SHA256
  
  97aa70078b62693b212b1b210268a10fe423294f7ca03f922fe160a4708dfc91
- SHA512
  
  64a30927a5fb6843aa4188abb3607796797648f963e86a78dab5be0026cd5a6995d3488c096ae4f61d6e5a0294d5086cfca18dac20025a0e03b80257d31c6367
- SSDEEP
  
  12288:CX0nsD1jq2+ZlFfqLaP+I5sHaeV5WbsYnd425uGD6:CkncqPwINreKAYX5uG
Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

behavioral2

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

© 2018-2024

Terms | Privacy