snakekeylogger | 4c70310a239bb05c148151740e3cbccf787c13a33c6f9f5a8f9c75216ed43af4 | Triage

Submit
Reports

Overview

overview

Static

static

3

4c70310a23...f4.exe

windows7-x64

4c70310a23...f4.exe

windows10-2004-x64

Sharing

General

Target

4c70310a239bb05c148151740e3cbccf787c13a33c6f9f5a8f9c75216ed43af4.exe
Size

2.2MB
Sample

241123-cpejnavrc1
MD5

744261ecea7819afad73c744b60b7e93
SHA1

e6c2e03d6468b0193cc326fc52746063e937172b
SHA256

4c70310a239bb05c148151740e3cbccf787c13a33c6f9f5a8f9c75216ed43af4
SHA512

8f8e49f2834024a93e3c9a4d0b4316814455e81ae737ffee1b55cff4f4189c7daa480d8da163f484ac51d8333f1221ebcbfaee4d585044a955caec4dd88365de
SSDEEP

12288:gOt1G044leEK+3ExXvA8fR5mPVr7iG2eXNPnrEdrEw:SLhEK0q/A8fR5mPVr7iGxXN/odow

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4c70310a239bb05c148151740e3cbccf787c13a33c6f9f5a8f9c75216ed43af4.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

4c70310a239bb05c148151740e3cbccf787c13a33c6f9f5a8f9c75216ed43af4.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
reptw.xyz
Port:
587
Username:
[email protected]
Password:
=W;D)NMYK*HI
Email To:
[email protected]

Targets

- Target
  
  4c70310a239bb05c148151740e3cbccf787c13a33c6f9f5a8f9c75216ed43af4.exe
- Size
  
  2.2MB
- MD5
  
  744261ecea7819afad73c744b60b7e93
- SHA1
  
  e6c2e03d6468b0193cc326fc52746063e937172b
- SHA256
  
  4c70310a239bb05c148151740e3cbccf787c13a33c6f9f5a8f9c75216ed43af4
- SHA512
  
  8f8e49f2834024a93e3c9a4d0b4316814455e81ae737ffee1b55cff4f4189c7daa480d8da163f484ac51d8333f1221ebcbfaee4d585044a955caec4dd88365de
- SSDEEP
  
  12288:gOt1G044leEK+3ExXvA8fR5mPVr7iG2eXNPnrEdrEw:SLhEK0q/A8fR5mPVr7iGxXN/odow
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy