snakekeylogger | 143b234973ddc32101cf68cb847c00b31ad6d6730aa2996e25ef6a028a1acc98

General

Target

143b234973ddc32101cf68cb847c00b31ad6d6730aa2996e25ef6a028a1acc98
Size

627KB
Sample

241125-p7vptaxnev
MD5

cf4527e1259712277a6cf54a2c9b0d19
SHA1

2f1df7f2cf9177f98218a0822339a3fe5ae198d6
SHA256

143b234973ddc32101cf68cb847c00b31ad6d6730aa2996e25ef6a028a1acc98
SHA512

86ed43573d17e2bb753203bb373b8a25bdd825a3d9fb42f95918a21aafd3ef2f4052c1b8b00b8f9bf01c292dc279fb521fae393c6f11997cb477bb9f31e7ae91
SSDEEP

12288:PCYFEGMBIl91xAJlq4e7yaj51La027E6s9qywsKsaSEvrq1DJDtUxSXP8PWtRPH:P/EGMBS9IJlqlt1O26r+2e4W7f

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7399492470:AAF1Q52TLq6uEICFiCVrLu9dpROnjh2wukI/sendMessage?chat_id=1443320838

Targets

- Target
  
  AWB NO - 09804480383.exe
- Size
  
  1.1MB
- MD5
  
  9d452572ff75d16ee715c60c178e7c58
- SHA1
  
  80749d335e02f8f538c3bf1b747c956f6bcc5a64
- SHA256
  
  2295da0e659659289eade018cffada62e1c6dc679f26f45d458a287cba9694aa
- SHA512
  
  6cd9d5e9cd537e6f827008d07127d5db7640e7884f0bcb8387489d1b1aa518ec6416f672908fb09dd11fadb4f00dd42b7ee0aca03957fac2514f9ee03f0108cd
- SSDEEP
  
  24576:Ttb20pkaCqT5TBWgNQ7aXMdOiyErT383Wg76A:QVg5tQ7aXsOjKTW5
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2