snakekeylogger | a34887afea413ee213c59e09cefd8343dd9c606c2c5c41022707412788fafe52

General

Target

RECEIPTDATED28.11.2024pdf.exe
Size

978KB
Sample

241128-yalkbatjgp
MD5

53699fc6f42ae5922ed39558c20e5a49
SHA1

1ca134a30c20b59faa40d0ff423b0097ebffc890
SHA256

a34887afea413ee213c59e09cefd8343dd9c606c2c5c41022707412788fafe52
SHA512

45b164e4eff353b29b0c2308536d24e42c943b313f564964051dd21d0248d0b58ae1ece11dd99cab5470742b81afc9702f6647a3329486765e4d225edc22df0d
SSDEEP

12288:Jtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgafTBi+XQFdYEyc6A:Jtb20pkaCqT5TBWgNQ7a7BTg7Yxc6A

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8105461233:AAGikrL-FY3clQOY-lg3KOIDOXSLgX28_TU/sendMessage?chat_id=6147266367

Targets

- Target
  
  RECEIPTDATED28.11.2024pdf.exe
- Size
  
  978KB
- MD5
  
  53699fc6f42ae5922ed39558c20e5a49
- SHA1
  
  1ca134a30c20b59faa40d0ff423b0097ebffc890
- SHA256
  
  a34887afea413ee213c59e09cefd8343dd9c606c2c5c41022707412788fafe52
- SHA512
  
  45b164e4eff353b29b0c2308536d24e42c943b313f564964051dd21d0248d0b58ae1ece11dd99cab5470742b81afc9702f6647a3329486765e4d225edc22df0d
- SSDEEP
  
  12288:Jtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgafTBi+XQFdYEyc6A:Jtb20pkaCqT5TBWgNQ7a7BTg7Yxc6A
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2