snakekeylogger | c27fdfe178919b9cbd02a634d6f7ec9d86c6a16c9b249ee49fd182904fd402d9 | Triage

Submit
Reports

Overview

overview

Static

static

3

c27fdfe178...d9.exe

windows7-x64

c27fdfe178...d9.exe

windows10-2004-x64

Sharing

General

Target

c27fdfe178919b9cbd02a634d6f7ec9d86c6a16c9b249ee49fd182904fd402d9.exe
Size

415KB
Sample

241123-n1vwka1jaq
MD5

ad16c932e217add47fe812543f96735d
SHA1

6033eed876a8d948aef8ff497a0e7dc606885819
SHA256

c27fdfe178919b9cbd02a634d6f7ec9d86c6a16c9b249ee49fd182904fd402d9
SHA512

58c3b7473de0bb7321e07c4e02b46f3e4190722b4b55399d0b19cf1fe9bad03ad5c0c0c0bcd16d6af5a3ac34df88efba58dd69088b36b48323d7c183678af7ea
SSDEEP

6144:YtgFVwrhUEz+16Uqd2GhN+qQcIkG5we2oXitAQ1CZu6GxOeUQuKrDxl16Fwa:Ytgw7z+sUi2iNtfdMityZ79dQuktlIF/

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c27fdfe178919b9cbd02a634d6f7ec9d86c6a16c9b249ee49fd182904fd402d9.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

c27fdfe178919b9cbd02a634d6f7ec9d86c6a16c9b249ee49fd182904fd402d9.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendMessage?chat_id=1063661839

Targets

- Target
  
  c27fdfe178919b9cbd02a634d6f7ec9d86c6a16c9b249ee49fd182904fd402d9.exe
- Size
  
  415KB
- MD5
  
  ad16c932e217add47fe812543f96735d
- SHA1
  
  6033eed876a8d948aef8ff497a0e7dc606885819
- SHA256
  
  c27fdfe178919b9cbd02a634d6f7ec9d86c6a16c9b249ee49fd182904fd402d9
- SHA512
  
  58c3b7473de0bb7321e07c4e02b46f3e4190722b4b55399d0b19cf1fe9bad03ad5c0c0c0bcd16d6af5a3ac34df88efba58dd69088b36b48323d7c183678af7ea
- SSDEEP
  
  6144:YtgFVwrhUEz+16Uqd2GhN+qQcIkG5we2oXitAQ1CZu6GxOeUQuKrDxl16Fwa:Ytgw7z+sUi2iNtfdMityZ79dQuktlIF/
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy