snakekeylogger | 86b4642fd215643e3ebb779fc602ea96e6060282a0676fe77d77ba75ae60bdc3

General

Target

86b4642fd215643e3ebb779fc602ea96e6060282a0676fe77d77ba75ae60bdc3N.exe
Size

602KB
Sample

241130-v7xgastqek
MD5

2ddabdf68951572d125845a9952bbf60
SHA1

7b9506aa4474f6c4e032060359be88d77f9dbad7
SHA256

86b4642fd215643e3ebb779fc602ea96e6060282a0676fe77d77ba75ae60bdc3
SHA512

89af435c28c087098e897e92a7893f0599e5c113e84802fb9e341883186f1f69df79327d95758a84f57dd781049416180df4deb2c93f96b7cb25734988159560
SSDEEP

12288:GoCb+eCSmdVCLWxXNFGkDZ2Y3zQ570ieq5Bw1afxl8kzAmWF:eCLVCLwNDZ53k5sq5+qxl8Y0F

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.daipro.com.mx
Port:
587
Username:
[email protected]
Password:
DAIpro123**
Email To:
[email protected]

Targets

- Target
  
  86b4642fd215643e3ebb779fc602ea96e6060282a0676fe77d77ba75ae60bdc3N.exe
- Size
  
  602KB
- MD5
  
  2ddabdf68951572d125845a9952bbf60
- SHA1
  
  7b9506aa4474f6c4e032060359be88d77f9dbad7
- SHA256
  
  86b4642fd215643e3ebb779fc602ea96e6060282a0676fe77d77ba75ae60bdc3
- SHA512
  
  89af435c28c087098e897e92a7893f0599e5c113e84802fb9e341883186f1f69df79327d95758a84f57dd781049416180df4deb2c93f96b7cb25734988159560
- SSDEEP
  
  12288:GoCb+eCSmdVCLWxXNFGkDZ2Y3zQ570ieq5Bw1afxl8kzAmWF:eCLVCLwNDZ53k5sq5+qxl8Y0F
Score

10^/10

snakekeylogger collection discovery execution keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2