snakekeylogger | 59166799e116757971eb6afa0dfdd024a12ac165d733848d9ebbe2650c2bff9e

General

Target

UBS20240190101.lzh
Size

579KB
Sample

241206-stdqxstpbw
MD5

c3e6dab3bd09c6878f680b0d7aa3dea7
SHA1

569eb7818ecd4e5465535a688c8fe9537a124d0e
SHA256

59166799e116757971eb6afa0dfdd024a12ac165d733848d9ebbe2650c2bff9e
SHA512

c67cdde93ac18e7e70a0d716d5330141e43fdfa4a47219a0a426dafa4672e6c715da428f692137b875595112c863961589331947d4d4d0911f31dd1c82f9a1d4
SSDEEP

12288:0oO2hZs0xVgo4MxptMOpzTS9YtenxWOtkTAk+I:TC0LBHTSnnxWOtt+

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.alotemizlik.com.tr
Port:
587
Username:
[email protected]
Password:
GB63xz79
Email To:
[email protected]

Targets

- Target
  
  UBS20240190101.exe
- Size
  
  996KB
- MD5
  
  9d6d766bbc9e1f2384bc31f297b4dbb9
- SHA1
  
  8f6ca29b1bde72b85da4c6bd2933aabb46e67ab3
- SHA256
  
  01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783
- SHA512
  
  ec442e988964e237df6d56ea8b3d2dbd73e1bb8a68cb6f09389b679a767ba12bd615ba81f5046c94d3545d16bb89b5e6841d92da2768701a084ddc09052ae7f2
- SSDEEP
  
  24576:1u6J33O0c+JY5UZ+XC0kGso6FaXJnBWO98ZmhWY:Xu0c++OCvkGs9FaXJnXgY
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2