snakekeylogger | 6cff924b5be424a4d1bed9ff2a570b1908064f2719b279b4361fd8d833b45808

General

Target

1733755327131807265395c8beb00b001ee74b7ae39a6579109a5e4a352d4399291272954e392.dat-decoded.exe
Size

130KB
Sample

241209-r5qn7a1lfz
MD5

65ff3f25d4818c060a0a160375e7b740
SHA1

85c12c22db8ac4b030c3f729c3ddd2f54db391e1
SHA256

6cff924b5be424a4d1bed9ff2a570b1908064f2719b279b4361fd8d833b45808
SHA512

c763100042228d232d4cc4db53559ca1e736a05e41dfc2835c4f91584d3cd2c8c631aa918cb068353206f09dbb53066fcdf525fe65f3e646f49271f3e7736fee
SSDEEP

3072:1vDdI8Ca564+4V4v4z4G43424A464y4K4v4f4u4A494V4t4w4H4j4Y4Y4s4P4W4J:3IxaVbd23zb

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7349048185:AAHLm8Aap_epDdcaT0ahDVTg27Uu0WBVu5s/sendMessage?chat_id=806477590

Targets

- Target
  
  1733755327131807265395c8beb00b001ee74b7ae39a6579109a5e4a352d4399291272954e392.dat-decoded.exe
- Size
  
  130KB
- MD5
  
  65ff3f25d4818c060a0a160375e7b740
- SHA1
  
  85c12c22db8ac4b030c3f729c3ddd2f54db391e1
- SHA256
  
  6cff924b5be424a4d1bed9ff2a570b1908064f2719b279b4361fd8d833b45808
- SHA512
  
  c763100042228d232d4cc4db53559ca1e736a05e41dfc2835c4f91584d3cd2c8c631aa918cb068353206f09dbb53066fcdf525fe65f3e646f49271f3e7736fee
- SSDEEP
  
  3072:1vDdI8Ca564+4V4v4z4G43424A464y4K4v4f4u4A494V4t4w4H4j4Y4Y4s4P4W4J:3IxaVbd23zb
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Checks computer location settings

Deletes itself

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2