snakekeylogger | 3000b3ec5d8622397d5b4288810e7215bfddcf2573023059fc84259b0bafa4f3

General

Target

3000b3ec5d8622397d5b4288810e7215bfddcf2573023059fc84259b0bafa4f3.exe
Size

640KB
Sample

241121-d48xgsykfs
MD5

9658dbdba747c4739e1b5c4bdcdb5d4d
SHA1

201c85ae456e4696d995ec232b43bb665f52fb32
SHA256

3000b3ec5d8622397d5b4288810e7215bfddcf2573023059fc84259b0bafa4f3
SHA512

b51e4ac8c75d3d38bc394145ca684d4267ffcf5130aac7f1a6182cee9648df55b30114087c21a0091531dd9983937e426f289c3fd892be1e88d0e97063ccdaa7
SSDEEP

12288:av/AYnEyHWiaHzNwsQg/8wvUwLywNaSctMXg:kYpmQ8whiMw

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
reptw.xyz
Port:
587
Username:
[email protected]
Password:
=W;D)NMYK*HI
Email To:
[email protected]

Targets

- Target
  
  3000b3ec5d8622397d5b4288810e7215bfddcf2573023059fc84259b0bafa4f3.exe
- Size
  
  640KB
- MD5
  
  9658dbdba747c4739e1b5c4bdcdb5d4d
- SHA1
  
  201c85ae456e4696d995ec232b43bb665f52fb32
- SHA256
  
  3000b3ec5d8622397d5b4288810e7215bfddcf2573023059fc84259b0bafa4f3
- SHA512
  
  b51e4ac8c75d3d38bc394145ca684d4267ffcf5130aac7f1a6182cee9648df55b30114087c21a0091531dd9983937e426f289c3fd892be1e88d0e97063ccdaa7
- SSDEEP
  
  12288:av/AYnEyHWiaHzNwsQg/8wvUwLywNaSctMXg:kYpmQ8whiMw
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Uses the VBS compiler for execution

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2