snakekeylogger | 4e65a7e9e8c4466251e4ecf61e0758691bfd41bd141e4dedde3b78aad380b531 | Triage

Submit
Reports

Overview

overview

Static

static

1

c997ad9cac...29.exe

windows7-x64

c997ad9cac...29.exe

windows10-2004-x64

Sharing

General

Target

8f6d690e119684b1629d41f97b83fb23.bin
Size

554KB
Sample

241120-bval8axhnp
MD5

bb7697b76d5da4a8aa1b9719ff4f9c84
SHA1

b7d655ce4708aa53f781f0efc9c8ceef0c24aeb8
SHA256

4e65a7e9e8c4466251e4ecf61e0758691bfd41bd141e4dedde3b78aad380b531
SHA512

746d0ce4b2be701c795b61e32d9ced953b9c097ca3a37d1f4c48fa2372db78f9afe4ab9ddac61863828ac3f62392dd8f75f3865b11c0c3194feb69d0fbc3e8bc
SSDEEP

12288:bz1Dm8uKgfFLwx15kJMVnAX06C8hppPTmePfwbR:tzuKk6GBXD1pP7Pfw1

Score

10^/10

snakekeylogger collection discovery execution keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

c997ad9cac5cb1cfc050a066e275aae6a540443075b2641ca19331b3f065ee29.exe

Resource

win7-20241010-en

snakekeylogger collection discovery execution keylogger stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

c997ad9cac5cb1cfc050a066e275aae6a540443075b2641ca19331b3f065ee29.exe

Resource

win10v2004-20241007-en

snakekeylogger collection discovery execution keylogger stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  c997ad9cac5cb1cfc050a066e275aae6a540443075b2641ca19331b3f065ee29.exe
- Size
  
  620KB
- MD5
  
  8f6d690e119684b1629d41f97b83fb23
- SHA1
  
  46efdb7ae7079a781723d75e390431aa4c6080e5
- SHA256
  
  c997ad9cac5cb1cfc050a066e275aae6a540443075b2641ca19331b3f065ee29
- SHA512
  
  aa25c86da804170e08f3e4d5d64d7d07007bee539b26b27bc39476de4f99fca8fc0d7eaa3854556d004217982ab36c83f8f15bb21cbf1ffcc382edd911631d9c
- SSDEEP
  
  12288:bMVmiWX9OeYHC89ljwRbfWwtODSyaAXd1mA1Ak6OsgSb4VqU+H4o5zBFtyakR:gTONYHFvjwRzCxXd1mvOsH6eYoLy5
Score

10^/10

snakekeylogger collection discovery execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

behavioral2

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy