snakekeylogger | 4a9c927ca3ab3daf115d5a9915aa4d2f6a60bcb55bfb522561cebc367af0fdff

General

Target

4a9c927ca3ab3daf115d5a9915aa4d2f6a60bcb55bfb522561cebc367af0fdff
Size

479KB
Sample

241211-g2ywaa1jay
MD5

7ff7979af79af1a190e4f469abf6df77
SHA1

e806203240c3f4cd34c7e9e030bda29ea6b7120c
SHA256

4a9c927ca3ab3daf115d5a9915aa4d2f6a60bcb55bfb522561cebc367af0fdff
SHA512

65776f4a01c79d1a00882f0df0bc2460c32c86c1c9ba2e4340c5172f9bf0cb2d2df826fe586cc35fcc5a94f5cfe5fb6d6ddca7712fa847e73b003b765832e143
SSDEEP

6144:lGb6C3tkj4qsVZRLws4uRtq8hWygJYfaPkKvBmDbgWdS/jjaQ3eeCWGW6SNuM+MK:lK5ZzRtnIytfaPkKvQejDLCW+nM+wip

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7125297965:AAFl6eQAjxqGeAfWHpfHbGAtADDAZUyFidM/sendMessage?chat_id=6367688286

Targets

- Target
  
  hesaphareketi-01.pdf.exe
- Size
  
  482KB
- MD5
  
  bfc506a47909ab3fde096eb0fc07e0fa
- SHA1
  
  eae0c401e967ad9c0add1ecbb84274e80539500f
- SHA256
  
  1717667681d1deb0de0b6894218e2d46f35e79f226a893ecd34dba57679bf3b2
- SHA512
  
  9bc2fe82a2342300a3c672dc77439326df23dea11ad2c9b6f3932f5272b3a0565f43ea5c7503be71995e76bd757ba1873a7a3bbed44351df42661ce679d82157
- SSDEEP
  
  6144:/hiBynqs9ZRLwK4ujtq8zWygJYraP8KvBmDbYWds/jjay3eeCiGe6SNgM+MlFaGE:D3ZHjtnaytraP8KvQgjLLCioPM+wmUE/
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2