snakekeylogger | f3a2990ee13d135a48a1e392882b4386be4259704ad4ac2e82398901bf1313b3

General

Target

f3a2990ee13d135a48a1e392882b4386be4259704ad4ac2e82398901bf1313b3.exe
Size

996KB
Sample

241203-dp6htaxla1
MD5

17a7feed2e38ee63d467a6adda8fd604
SHA1

103ce31f4b3e7c040bd97f09262b44788c064827
SHA256

f3a2990ee13d135a48a1e392882b4386be4259704ad4ac2e82398901bf1313b3
SHA512

599d54a09a0151f6288d415f1499bfaed34000cf473aa2ae07caa2dc350219f35bcc98ecd60b55e4601f50c68a0e50e53909a22a0cbc4e31ae39a980f6a3d681
SSDEEP

24576:Wtb20pkaCqT5TBWgNQ7a7R8vY/ujlvYw6A:DVg5tQ7a7r/uRvd5

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8133286026:AAGeoCC9PBFfy6_m7BYTQffAk1yO8Lvnbd0/sendMessage?chat_id=6359577280

Targets

- Target
  
  f3a2990ee13d135a48a1e392882b4386be4259704ad4ac2e82398901bf1313b3.exe
- Size
  
  996KB
- MD5
  
  17a7feed2e38ee63d467a6adda8fd604
- SHA1
  
  103ce31f4b3e7c040bd97f09262b44788c064827
- SHA256
  
  f3a2990ee13d135a48a1e392882b4386be4259704ad4ac2e82398901bf1313b3
- SHA512
  
  599d54a09a0151f6288d415f1499bfaed34000cf473aa2ae07caa2dc350219f35bcc98ecd60b55e4601f50c68a0e50e53909a22a0cbc4e31ae39a980f6a3d681
- SSDEEP
  
  24576:Wtb20pkaCqT5TBWgNQ7a7R8vY/ujlvYw6A:DVg5tQ7a7r/uRvd5
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2