snakekeylogger | 13d4f8ebe986653a6512cace310b4927b694a5127036d85c2d1c8840634537e4

General

Target

13d4f8ebe986653a6512cace310b4927b694a5127036d85c2d1c8840634537e4
Size

1.1MB
Sample

241121-vpq7katblh
MD5

aaa6233ad5bf1fa876ad708b2af4d7d5
SHA1

caa797aaac80a8c807e8e152f280188b8b4e8819
SHA256

13d4f8ebe986653a6512cace310b4927b694a5127036d85c2d1c8840634537e4
SHA512

5cab1d39f1af187bc34073052e1672cee1aa131272abae98053f2273afc9f57b573517358e110dd6b56f4653ead9ab653828c80bb408f3456f3451db901a257e
SSDEEP

24576:ffmMv6Ckr7Mny5QLI2klYKlUhypdA0IJF/iog:f3v+7/5QLbkl/Uhad7I9g

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7498931539:AAE8KHb70FueL6YmOOF6rhS3Z3o-F1rx6_A/sendMessage?chat_id=1178171552

Targets

- Target
  
  13d4f8ebe986653a6512cace310b4927b694a5127036d85c2d1c8840634537e4
- Size
  
  1.1MB
- MD5
  
  aaa6233ad5bf1fa876ad708b2af4d7d5
- SHA1
  
  caa797aaac80a8c807e8e152f280188b8b4e8819
- SHA256
  
  13d4f8ebe986653a6512cace310b4927b694a5127036d85c2d1c8840634537e4
- SHA512
  
  5cab1d39f1af187bc34073052e1672cee1aa131272abae98053f2273afc9f57b573517358e110dd6b56f4653ead9ab653828c80bb408f3456f3451db901a257e
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLI2klYKlUhypdA0IJF/iog:f3v+7/5QLbkl/Uhad7I9g
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2