General

  • Target

    2.exe

  • Size

    1.4MB

  • Sample

    241118-ma8t3athnb

  • MD5

    15f3466706b848c20acb7c9963f11cc4

  • SHA1

    dc13fd1be8ca1546ed6abfc58c989ef7c06538dd

  • SHA256

    01cf391dc6033cf02baa0670da520775eb0726b576b7b82eac9efd7ddfa592df

  • SHA512

    3e53feadbfe1aae5c9d88b2d019b6717a3c15acdca146d39108dc29035a20ef5f1c7d41077d887b07444c880993b29eb8da1afbd11ddb70ebd0ccec50aeea906

  • SSDEEP

    12288:crXNByaXOIMJWLGyHNiwsgy0uocCTZ9LpmsgbQ4kcJcbZhB:c+a+8LGopsUrNaAh

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot7415124455:AAFiJSMkT7ZAoj3FL8fyGKrBA__pnMHG3I4/sendMessage?chat_id=6008123474

Targets

    • Target

      2.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
