snakekeylogger | bcb0065a918da4e789365e7a5800b36a625763421f18ac1dd6067c8e2a419b34

General

Target

bcb0065a918da4e789365e7a5800b36a625763421f18ac1dd6067c8e2a419b34
Size

44KB
Sample

241210-k9m1jaskgv
MD5

0f23bec7c187b4832c7c09d26db3682e
SHA1

7c18cd3954e000af3ea56e5409a4298ab33e9704
SHA256

bcb0065a918da4e789365e7a5800b36a625763421f18ac1dd6067c8e2a419b34
SHA512

08877ec2643d600ee38f9653d94c435f3877e0ea179d0f8aa679c3f3d2bfa3346b6129b0bb45cdededf427808f1ac1b4308ad2addd8917eca75d4b88547fb82b
SSDEEP

192:w0u3TOyh7otbCKzp9ocJ6WMKhOJRTnkwZiRvzhQmMCJnmJVt:c3bUsALplOJqwIRv9QDymJV

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtps.aruba.it
Port:
465
Username:
[email protected]
Password:
tecninf2017
Email To:
[email protected]

Targets

- Target
  
  bcb0065a918da4e789365e7a5800b36a625763421f18ac1dd6067c8e2a419b34
- Size
  
  44KB
- MD5
  
  0f23bec7c187b4832c7c09d26db3682e
- SHA1
  
  7c18cd3954e000af3ea56e5409a4298ab33e9704
- SHA256
  
  bcb0065a918da4e789365e7a5800b36a625763421f18ac1dd6067c8e2a419b34
- SHA512
  
  08877ec2643d600ee38f9653d94c435f3877e0ea179d0f8aa679c3f3d2bfa3346b6129b0bb45cdededf427808f1ac1b4308ad2addd8917eca75d4b88547fb82b
- SSDEEP
  
  192:w0u3TOyh7otbCKzp9ocJ6WMKhOJRTnkwZiRvzhQmMCJnmJVt:c3bUsALplOJqwIRv9QDymJV
Score

10^/10

discovery snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Suspicious use of NtCreateUserProcessOtherParentProcess

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2