snakekeylogger | 6ce2dc1aea1d062b35b2f1e1bb8ad276bede32a26e51581f996b4af620764863

General

Target

EVP3410001500995_1506489088-payment order.exe
Size

45KB
Sample

241115-p7h11sthra
MD5

3d66305ed410fad27c043db895cdd385
SHA1

1038de840abc4effc9092a240c7fb8b088b7731b
SHA256

6ce2dc1aea1d062b35b2f1e1bb8ad276bede32a26e51581f996b4af620764863
SHA512

95d56b572aa8322b93a683e7827f6732c58f0c10f1cb41381df68072ecb6c58182ed418af4207f3e5666fd369224cafcc8ba8a5a3c9c71251abd58e0d65e719b
SSDEEP

384:d8vpxocE2w6L5FUGWe1fEt5m0Gg9azYUmreMRo5CRCV5uWn+FW:dIo/QnJ9gloz3MRRMi

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtps.aruba.it
Port:
465
Username:
[email protected]
Password:
tecninf2017
Email To:
[email protected]

Targets

- Target
  
  EVP3410001500995_1506489088-payment order.exe
- Size
  
  45KB
- MD5
  
  3d66305ed410fad27c043db895cdd385
- SHA1
  
  1038de840abc4effc9092a240c7fb8b088b7731b
- SHA256
  
  6ce2dc1aea1d062b35b2f1e1bb8ad276bede32a26e51581f996b4af620764863
- SHA512
  
  95d56b572aa8322b93a683e7827f6732c58f0c10f1cb41381df68072ecb6c58182ed418af4207f3e5666fd369224cafcc8ba8a5a3c9c71251abd58e0d65e719b
- SSDEEP
  
  384:d8vpxocE2w6L5FUGWe1fEt5m0Gg9azYUmreMRo5CRCV5uWn+FW:dIo/QnJ9gloz3MRRMi
Score

10^/10

discovery snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Suspicious use of NtCreateUserProcessOtherParentProcess

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4