snakekeylogger | 8764a4a7a61aa1387c3e99200d8c35c89d0723e3e489da7abbb76559ac543deb

General

Target

8764a4a7a61aa1387c3e99200d8c35c89d0723e3e489da7abbb76559ac543deb
Size

1.1MB
Sample

241128-ta714askez
MD5

3571899088d957a98acfed92f4ba81fb
SHA1

18bf2cea74a8ab4d8d7b2511788a678dd858c413
SHA256

8764a4a7a61aa1387c3e99200d8c35c89d0723e3e489da7abbb76559ac543deb
SHA512

8e9f0d82ba8cb8e65c90555fa5e513c7c5b6f39c867ab29af25fe03e36cbb94653e2df2e146ce58fd7dc7da29291387e7fb7315813c4b314fb24a2c82521b545
SSDEEP

24576:ttb20pkaCqT5TBWgNQ7a78L5X6wviN6A:eVg5tQ7a78L5zG5

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7399492470:AAF1Q52TLq6uEICFiCVrLu9dpROnjh2wukI/sendMessage?chat_id=1443320838

Targets

- Target
  
  8764a4a7a61aa1387c3e99200d8c35c89d0723e3e489da7abbb76559ac543deb
- Size
  
  1.1MB
- MD5
  
  3571899088d957a98acfed92f4ba81fb
- SHA1
  
  18bf2cea74a8ab4d8d7b2511788a678dd858c413
- SHA256
  
  8764a4a7a61aa1387c3e99200d8c35c89d0723e3e489da7abbb76559ac543deb
- SHA512
  
  8e9f0d82ba8cb8e65c90555fa5e513c7c5b6f39c867ab29af25fe03e36cbb94653e2df2e146ce58fd7dc7da29291387e7fb7315813c4b314fb24a2c82521b545
- SSDEEP
  
  24576:ttb20pkaCqT5TBWgNQ7a78L5X6wviN6A:eVg5tQ7a78L5zG5
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2