snakekeylogger | 470a1d3d3cb732501469847aa36aac5fe9e235507989299d6f6fdc89889dfef8

General

Target

470a1d3d3cb732501469847aa36aac5fe9e235507989299d6f6fdc89889dfef8.exe
Size

996KB
Sample

241127-cwjf7asjhv
MD5

426faf44dbe98c8a45deb9f64bd25578
SHA1

5cd6e8159d2fde3937385f096713e5d6fb5a9021
SHA256

470a1d3d3cb732501469847aa36aac5fe9e235507989299d6f6fdc89889dfef8
SHA512

555dac08b0a4f9e31d46fc8b0006da7fb4ccba839d78f02ee155261e24c3c1dba3fc7746d1fe17b5ef3f06946c911c5200f2c668cb2c10edd9aafec8b9cacd04
SSDEEP

12288:Etb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgat7U7mublf784ZRsO6A:Etb20pkaCqT5TBWgNQ7aBy784ZWO6A

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7591642187:AAF3F6-zxp3HwWsP9s4_QJW4W-aEGhjsvDI/sendMessage?chat_id=6557702940

Targets

- Target
  
  470a1d3d3cb732501469847aa36aac5fe9e235507989299d6f6fdc89889dfef8.exe
- Size
  
  996KB
- MD5
  
  426faf44dbe98c8a45deb9f64bd25578
- SHA1
  
  5cd6e8159d2fde3937385f096713e5d6fb5a9021
- SHA256
  
  470a1d3d3cb732501469847aa36aac5fe9e235507989299d6f6fdc89889dfef8
- SHA512
  
  555dac08b0a4f9e31d46fc8b0006da7fb4ccba839d78f02ee155261e24c3c1dba3fc7746d1fe17b5ef3f06946c911c5200f2c668cb2c10edd9aafec8b9cacd04
- SSDEEP
  
  12288:Etb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgat7U7mublf784ZRsO6A:Etb20pkaCqT5TBWgNQ7aBy784ZWO6A
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2