snakekeylogger | 05842c0051350fafdd6963c5cdf746edc63b42ea66cc9235ff671f7fec70dcf5

General

Target

05842c0051350fafdd6963c5cdf746edc63b42ea66cc9235ff671f7fec70dcf5.exe
Size

962KB
Sample

241117-cp2desygln
MD5

366824f3f475e44ac5f51c1d8ce65567
SHA1

f8fa3c60dbc697bdf85e01a8f3df52437ebfae19
SHA256

05842c0051350fafdd6963c5cdf746edc63b42ea66cc9235ff671f7fec70dcf5
SHA512

fe4063e14f699b19e65dad1eb5cb8538973719ac623e283050f2a30e30323af5725f94e070dd608565f44c2820f28b85f61a1be390d8318e43e68aa0f07ae999
SSDEEP

12288:4tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgav79vMFw7v2o1j1Qq6A:4tb20pkaCqT5TBWgNQ7aj9nv2sJQq6A

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7807072238:AAGtzAOTofEY8lBHcrZusyYa_emOxp-S_-s/sendMessage?chat_id=7361435574

Targets

- Target
  
  05842c0051350fafdd6963c5cdf746edc63b42ea66cc9235ff671f7fec70dcf5.exe
- Size
  
  962KB
- MD5
  
  366824f3f475e44ac5f51c1d8ce65567
- SHA1
  
  f8fa3c60dbc697bdf85e01a8f3df52437ebfae19
- SHA256
  
  05842c0051350fafdd6963c5cdf746edc63b42ea66cc9235ff671f7fec70dcf5
- SHA512
  
  fe4063e14f699b19e65dad1eb5cb8538973719ac623e283050f2a30e30323af5725f94e070dd608565f44c2820f28b85f61a1be390d8318e43e68aa0f07ae999
- SSDEEP
  
  12288:4tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgav79vMFw7v2o1j1Qq6A:4tb20pkaCqT5TBWgNQ7aj9nv2sJQq6A
Score

10^/10

snakekeylogger collection discovery evasion keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2