snakekeylogger | 7e2a41007de15f145fd141b8fe26d97be4e3078bc5ae31dce3f7d73a4c330da1 | Triage

Submit
Reports

Overview

overview

Static

static

3

QUOTATION_...DF.scr

windows7-x64

QUOTATION_...DF.scr

windows10-2004-x64

Sharing

General

Target

QUOTATION_DECQTRA071244uPDF.scr
Size

1.4MB
Sample

241205-kc48jssmar
MD5

1a07ab467f5ef0ce3e7733a718538477
SHA1

475792452dd61c6dd023159284b6ae9e0f6581ac
SHA256

7e2a41007de15f145fd141b8fe26d97be4e3078bc5ae31dce3f7d73a4c330da1
SHA512

bc55a5debb917da962a92873797d6421901b10dcc3c75249fadae595cb7db433affc932b87e836ea1b898ce8df0c9e9068a3252eb1d3964100b7d43a574e65df
SSDEEP

24576:3v7/cWsAmR+M9o+NK/Jld5NGXO5GuiJIjNZUAloJZRNcdZtO:3brsXR8+NKx/5NGeENJWN6AmJSdz

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTATION_DECQTRA071244uPDF.scr

Resource

win7-20240903-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTATION_DECQTRA071244uPDF.scr

Resource

win10v2004-20241007-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
ABBjy5ce)hyxmj99w
Email To:
[email protected]

Targets

- Target
  
  QUOTATION_DECQTRA071244uPDF.scr
- Size
  
  1.4MB
- MD5
  
  1a07ab467f5ef0ce3e7733a718538477
- SHA1
  
  475792452dd61c6dd023159284b6ae9e0f6581ac
- SHA256
  
  7e2a41007de15f145fd141b8fe26d97be4e3078bc5ae31dce3f7d73a4c330da1
- SHA512
  
  bc55a5debb917da962a92873797d6421901b10dcc3c75249fadae595cb7db433affc932b87e836ea1b898ce8df0c9e9068a3252eb1d3964100b7d43a574e65df
- SSDEEP
  
  24576:3v7/cWsAmR+M9o+NK/Jld5NGXO5GuiJIjNZUAloJZRNcdZtO:3brsXR8+NKx/5NGeENJWN6AmJSdz
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy