snakekeylogger | 04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a

General

Target

04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a.exe
Size

785KB
Sample

241205-tajy9s1lez
MD5

f01fb2c1ebde3213faeec8d171c0eed2
SHA1

598d9ab017e0ac1bb65ba05b296c493426918ff8
SHA256

04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a
SHA512

ea9665b513ddeac55944022570a62b310925fceffae15bccb1249b1f98066a0df47be1a10626404e9248260ad92365ba19ae53e41b4c220e327a7d880403afbc
SSDEEP

12288:beYT2ytQFWKDvedwHtLYVm8x2ySv+zlv0O78wCtd9ao4:SXFbvedhmS2Xsum8rao

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7719054034:AAHonYJDOpWskt5QdgdvYe662dLuhtscDqw/sendMessage?chat_id=6370711846

Targets

- Target
  
  04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a.exe
- Size
  
  785KB
- MD5
  
  f01fb2c1ebde3213faeec8d171c0eed2
- SHA1
  
  598d9ab017e0ac1bb65ba05b296c493426918ff8
- SHA256
  
  04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a
- SHA512
  
  ea9665b513ddeac55944022570a62b310925fceffae15bccb1249b1f98066a0df47be1a10626404e9248260ad92365ba19ae53e41b4c220e327a7d880403afbc
- SSDEEP
  
  12288:beYT2ytQFWKDvedwHtLYVm8x2ySv+zlv0O78wCtd9ao4:SXFbvedhmS2Xsum8rao
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Checks computer location settings

Deletes itself

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.