snakekeylogger | ddfc226180d19aa860f81b888702f0b37e1f59478c4c0baaf7ec97d85da380c6 | Triage

Submit
Reports

Overview

overview

Static

static

3

ddfc226180...c6.exe

windows7-x64

ddfc226180...c6.exe

windows10-2004-x64

Sharing

General

Target

ddfc226180d19aa860f81b888702f0b37e1f59478c4c0baaf7ec97d85da380c6.exe
Size

634KB
Sample

241120-3zycmawclc
MD5

1e3a75a6d284c8e0f63ea91b1aae69a2
SHA1

e12e0f7a3bef74c9da3ba2e92fdbde73b97f403c
SHA256

ddfc226180d19aa860f81b888702f0b37e1f59478c4c0baaf7ec97d85da380c6
SHA512

6f0ab96b0b0e2a016b6e8c56db308cc748f6b86784a5fb443b26d13b5b6c7232a4934106acfc73cc55f8b03e124042d9fe99da2e4920b08f2b98030da6b59209
SSDEEP

6144:pGxhLzIXav5wzU3oHY59KCvkg9yDUo1BfcnCMk+DI3D8+4Z2wwwxItGrKsPE7Gl:YMeis5X8gchB8CQGA+8OtGrh

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ddfc226180d19aa860f81b888702f0b37e1f59478c4c0baaf7ec97d85da380c6.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

ddfc226180d19aa860f81b888702f0b37e1f59478c4c0baaf7ec97d85da380c6.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
iwRaBVG6
Email To:
[email protected]

C2

https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendMessage?chat_id=1063661839

Targets

- Target
  
  ddfc226180d19aa860f81b888702f0b37e1f59478c4c0baaf7ec97d85da380c6.exe
- Size
  
  634KB
- MD5
  
  1e3a75a6d284c8e0f63ea91b1aae69a2
- SHA1
  
  e12e0f7a3bef74c9da3ba2e92fdbde73b97f403c
- SHA256
  
  ddfc226180d19aa860f81b888702f0b37e1f59478c4c0baaf7ec97d85da380c6
- SHA512
  
  6f0ab96b0b0e2a016b6e8c56db308cc748f6b86784a5fb443b26d13b5b6c7232a4934106acfc73cc55f8b03e124042d9fe99da2e4920b08f2b98030da6b59209
- SSDEEP
  
  6144:pGxhLzIXav5wzU3oHY59KCvkg9yDUo1BfcnCMk+DI3D8+4Z2wwwxItGrKsPE7Gl:YMeis5X8gchB8CQGA+8OtGrh
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy