snakekeylogger | b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025 | Triage

Submit
Reports

Overview

overview

Static

static

8

b416b3cd07...5.xlsm

windows7-x64

b416b3cd07...5.xlsm

windows10-2004-x64

Sharing

General

Target

b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025.xlsx
Size

438KB
Sample

241125-q9te7szmdy
MD5

9bf51f7bdf35911324a4fbb9235090f7
SHA1

d1abcb2b543a4c0f308dade69d1be6a96f356a3b
SHA256

b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025
SHA512

c678628535508e250605babc13d899c598ab1466294b7917d583b577fb5362346b47952d684622c445512753980329ecc513934a7391b7511f7fc1588d981aff
SSDEEP

12288:Zl3PBexJxH0cZtSlOSgjG3IWNqAvfTYxv25F3:Z5PBexJJF2cSwG4ofTn55

Score

10^/10

snakekeylogger collection discovery execution keylogger macro stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025.xlsm

Resource

win7-20240903-en

discovery execution

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025.xlsm

Resource

win10v2004-20241007-en

snakekeylogger collection discovery execution keylogger stealer

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
juguly.shop
Port:
587
Username:
[email protected]
Password:
rEBS93U9rKLG
Email To:
[email protected]

Targets

- Target
  
  b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025.xlsx
- Size
  
  438KB
- MD5
  
  9bf51f7bdf35911324a4fbb9235090f7
- SHA1
  
  d1abcb2b543a4c0f308dade69d1be6a96f356a3b
- SHA256
  
  b416b3cd07533aa1e3f322bbf904be65df03dcf08507ef9a683271a3c4848025
- SHA512
  
  c678628535508e250605babc13d899c598ab1466294b7917d583b577fb5362346b47952d684622c445512753980329ecc513934a7391b7511f7fc1588d981aff
- SSDEEP
  
  12288:Zl3PBexJxH0cZtSlOSgjG3IWNqAvfTYxv25F3:Z5PBexJJF2cSwG4ofTn55
Score

10^/10

discovery execution snakekeylogger collection keylogger stealer
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy