snakekeylogger | b2a2dfd429f960ea3fc4919e2114137c461ce884bbf14d39917a16740631f3af

General

Target

53699fc6f42ae5922ed39558c20e5a49.bin
Size

552KB
Sample

241130-blr5xavqew
MD5

7649f770437fc368b303264d23530c84
SHA1

77a136d99ca72d90e68280b64b1c083e6e611853
SHA256

b2a2dfd429f960ea3fc4919e2114137c461ce884bbf14d39917a16740631f3af
SHA512

e3421422bd30dd864af41e6e4b4cc319be2f7694326eea18a1d65f7004623a912e85b2119d753e5a26f2fd9e135c0210cb1017d92bb35e9113fae8fba1c93b0c
SSDEEP

12288:1K6xkI0QZLyPNsecfRquuaEfkjQ3cnZnG+7fhEiT+rycLvx2lw4hk:Y6WoLisecf85t2BZD7fhEHrNF2ha

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8105461233:AAGikrL-FY3clQOY-lg3KOIDOXSLgX28_TU/sendMessage?chat_id=6147266367

Targets

- Target
  
  a34887afea413ee213c59e09cefd8343dd9c606c2c5c41022707412788fafe52.exe
- Size
  
  978KB
- MD5
  
  53699fc6f42ae5922ed39558c20e5a49
- SHA1
  
  1ca134a30c20b59faa40d0ff423b0097ebffc890
- SHA256
  
  a34887afea413ee213c59e09cefd8343dd9c606c2c5c41022707412788fafe52
- SHA512
  
  45b164e4eff353b29b0c2308536d24e42c943b313f564964051dd21d0248d0b58ae1ece11dd99cab5470742b81afc9702f6647a3329486765e4d225edc22df0d
- SSDEEP
  
  12288:Jtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgafTBi+XQFdYEyc6A:Jtb20pkaCqT5TBWgNQ7a7BTg7Yxc6A
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2