snakekeylogger | 82bf98b3ec60bcd34d5ee354d22528c21f8fcbf721f209a9a2cba4809d661627

General

Target

5758229f9353e837db35d9556f8c30cb.bin
Size

594KB
Sample

241208-bp6gpszmgn
MD5

dec64f0ad79bfa08329f75a470dc9bef
SHA1

0274bd612f8e5d9e807c19f15a01aaf0247fd2cb
SHA256

82bf98b3ec60bcd34d5ee354d22528c21f8fcbf721f209a9a2cba4809d661627
SHA512

6bd46d93d494c82b69483b0b51c42f2a444321c79bbe0bfd3501b63f09cd9c561115ec52a4ddab81d9dc7b34924d1f21d1023b0b0577bd07ba133b5beab31f4f
SSDEEP

12288:qvYTo+rexd7PhjxREbqM4zxkCXxZ8BTqi2XJEodpHLJ6ijqWv2:qgE+Sr7PBx+4z22wQv6apllqWv2

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7525931722:AAHv5VReYz4Tdv44qTVu1nWYViZknndh3TU/sendMessage?chat_id=7361435574

Targets

- Target
  
  9cf2882c93d6ab624569666974837d2f910412e2e5fcd66f62e655a7448bc693.exe
- Size
  
  1009KB
- MD5
  
  5758229f9353e837db35d9556f8c30cb
- SHA1
  
  424e24f9de8e1c014d19772ec4c052820c3e36e4
- SHA256
  
  9cf2882c93d6ab624569666974837d2f910412e2e5fcd66f62e655a7448bc693
- SHA512
  
  bc807007ff2fb7559345310456a81dade83bfe925c7aa896a46d9394124c531adfe9ef387a7cb94c5d3788d4bac1669131d4884725163b1f94e29b760fe97874
- SSDEEP
  
  24576:zu6J33O0c+JY5UZ+XC0kGso6FaDBSRT8n7LvoAWY:du0c++OCvkGs9FaDBSRTgXvSY
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2