snakekeylogger | 852c78744e828250542bb9ddf2d7f2797c5613d2ab69cbd0faff944469d2c03b

Analysis

max time kernel
7s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

852c78744e828250542bb9ddf2d7f2797c5613d2ab69cbd0faff944469d2c03b.exe
Size

331KB
MD5

5287698c5838c217c8330670920d1f22
SHA1

61d94cd397d56e87a13207f680f88fdf829eef71
SHA256

852c78744e828250542bb9ddf2d7f2797c5613d2ab69cbd0faff944469d2c03b
SHA512

4a2a295344a3842c9913e7fc0050b53cbb2733fd91019136212f9094351daf4bdac9ad3bdd989b19fbb186bd21404153ac96847269b1b988b70aa9a60f7d9d19
SSDEEP

768:gl7ult3Qg2ZzEjss2VSg1I1cn0sspAgpq8hLyg1uMN0+dzsRs+eEH:+uLQ7qPpqOLy0uyL+fH

Score

10^/10

snakekeylogger keylogger stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
G!!HFpD@N*]*nF

Signatures

Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
stealer keylogger snakekeylogger

Snake Keylogger payload 1 IoCs

resource	yara_rule
behavioral1/memory/5016-1169-0x00000000006D0000-0x00000000006F4000-memory.dmp	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
10	checkip.dyndns.org

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1924	852c78744e828250542bb9ddf2d7f2797c5613d2ab69cbd0faff944469d2c03b.exe

C:\Users\Admin\AppData\Local\Temp\852c78744e828250542bb9ddf2d7f2797c5613d2ab69cbd0faff944469d2c03b.exe
"C:\Users\Admin\AppData\Local\Temp\852c78744e828250542bb9ddf2d7f2797c5613d2ab69cbd0faff944469d2c03b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1924
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe"
  2⤵
  PID:5016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-0-0x000007FEF55D3000-0x000007FEF55D4000-memory.dmp

Filesize
4KB

Download
memory/1924-1-0x0000000000360000-0x00000000003B6000-memory.dmp

Filesize
344KB

Download
memory/1924-2-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/1924-3-0x000000001C6B0000-0x000000001C7BC000-memory.dmp

Filesize
1.0MB

Download
memory/1924-4-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-19-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-7-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-5-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-13-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-37-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-67-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-66-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-63-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-61-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-60-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-57-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-55-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-54-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-51-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-49-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-48-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-45-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-43-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-42-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-39-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-36-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-33-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-31-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-30-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-27-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-25-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-23-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-22-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-17-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-16-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-11-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-10-0x000000001C6B0000-0x000000001C7B6000-memory.dmp

Filesize
1.0MB

Download
memory/1924-1154-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/1924-1155-0x000000001AC40000-0x000000001ACBA000-memory.dmp

Filesize
488KB

Download
memory/1924-1156-0x0000000002120000-0x000000000216C000-memory.dmp

Filesize
304KB

Download
memory/1924-1157-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/1924-1158-0x000007FEF55D3000-0x000007FEF55D4000-memory.dmp

Filesize
4KB

Download
memory/1924-1159-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/1924-1160-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/1924-1161-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/1924-1162-0x0000000002270000-0x00000000022C4000-memory.dmp

Filesize
336KB

Download
memory/1924-1165-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/1924-1164-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/5016-1167-0x000007FEF55D3000-0x000007FEF55D4000-memory.dmp

Filesize
4KB

Download
memory/5016-1166-0x0000000000060000-0x0000000000088000-memory.dmp

Filesize
160KB

Download
memory/5016-1169-0x00000000006D0000-0x00000000006F4000-memory.dmp

Filesize
144KB

Download
memory/5016-1170-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/5016-1171-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/5016-1172-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/5016-1168-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/5016-1173-0x000007FEF55D3000-0x000007FEF55D4000-memory.dmp

Filesize
4KB

Download
memory/5016-1174-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download
memory/5016-1175-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp

Filesize
9.9MB

Download