snakekeylogger | 5fa128e617818eb6d70490ee47e4a8369e053fa5f7f7e79b982a120fe5bfe16d

General

Target

Order88983273293729387293828PDF.exe
Size

687KB
Sample

241116-s9blhaygna
MD5

0839190034df3cc414fa255d2283de3c
SHA1

ee691b6f85474654165db8ba8bfaee3ba1e536e0
SHA256

5fa128e617818eb6d70490ee47e4a8369e053fa5f7f7e79b982a120fe5bfe16d
SHA512

6f64f51cf8b428959a83e7e2da743faec564d9c71659a51696cea4f9bc5b70fc713a010dcf3d99de47534cabba39e9e9616a34ded6633b891ea7ea7f93127903
SSDEEP

12288:G0mnA1zcV/ErmWHObMmFPOeK5Wia8r9t3DSDb4NP:uA1zcMmJomFPs5We3ew5

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7610532139:AAFiI3HHwFD6pWziyPu3lWJbRKPQtz0nD2c/sendMessage?chat_id=6680692809

Targets

- Target
  
  Order88983273293729387293828PDF.exe
- Size
  
  687KB
- MD5
  
  0839190034df3cc414fa255d2283de3c
- SHA1
  
  ee691b6f85474654165db8ba8bfaee3ba1e536e0
- SHA256
  
  5fa128e617818eb6d70490ee47e4a8369e053fa5f7f7e79b982a120fe5bfe16d
- SHA512
  
  6f64f51cf8b428959a83e7e2da743faec564d9c71659a51696cea4f9bc5b70fc713a010dcf3d99de47534cabba39e9e9616a34ded6633b891ea7ea7f93127903
- SSDEEP
  
  12288:G0mnA1zcV/ErmWHObMmFPOeK5Wia8r9t3DSDb4NP:uA1zcMmJomFPs5We3ew5
Score

10^/10

discovery execution snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Bygsukkerets/Wanderlusts.Uto
- Size
  
  52KB
- MD5
  
  97c0731e8a832706f3f157e89ce3999b
- SHA1
  
  8665ec5d2421bf666bd1bdc2b81876f582aa7a5d
- SHA256
  
  e7d18aee03c79a8a55e2f0fc47ad0693c0bd5ba584b879c82624b4c80946b432
- SHA512
  
  283ab18b29f488197daaeec4e7ddfc2b707e13c15c308c7f2b3b8bb492833e2a0bff70a5fe4ef5b2cce51830492785fc6c13a1eb69c60db39578dd5a39b78731
- SSDEEP
  
  1536:ATz1EnqDuXf0VfLfTxv5P30atVCOKxoSbg5/StPv:ATZEnqDEf0VTfTxx30ecoQeS
Score

8^/10

execution persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4