snakekeylogger | c535648fcb637565a3253706bc12af2c9a4def5c243d3a388db5b8a6d91181a8

General

Target

SWIFTMESAJI.ARJ
Size

471KB
Sample

241211-njxc3avndr
MD5

07841f5e7aedf482b39c5bb10ca5de75
SHA1

800640ccd118bc7f6440b00cad85c2eceeb4f5c4
SHA256

c535648fcb637565a3253706bc12af2c9a4def5c243d3a388db5b8a6d91181a8
SHA512

2c8a22693ea9641c844be6adb27e9c2c4ec7132565af8952ed00844ef57e4783bf87c4202bc07f773cc6c8945c3468a2eac7505f444b4c043130706e4d7f3e3f
SSDEEP

12288:pJL7j9V0lUau2sMCPsGHpvynMqCeLNHzPRVVA4xWbTic:pJnjiUau2sMCPsG4LLNHzPRV24UbTic

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7525931722:AAHv5VReYz4Tdv44qTVu1nWYViZknndh3TU/sendMessage?chat_id=7361435574

Targets

- Target
  
  SWIFTMESAJI.ARJ
- Size
  
  471KB
- MD5
  
  07841f5e7aedf482b39c5bb10ca5de75
- SHA1
  
  800640ccd118bc7f6440b00cad85c2eceeb4f5c4
- SHA256
  
  c535648fcb637565a3253706bc12af2c9a4def5c243d3a388db5b8a6d91181a8
- SHA512
  
  2c8a22693ea9641c844be6adb27e9c2c4ec7132565af8952ed00844ef57e4783bf87c4202bc07f773cc6c8945c3468a2eac7505f444b4c043130706e4d7f3e3f
- SSDEEP
  
  12288:pJL7j9V0lUau2sMCPsGHpvynMqCeLNHzPRVVA4xWbTic:pJnjiUau2sMCPsG4LLNHzPRV24UbTic
Score

1^/10
behavioral1 behavioral2
- Target
  
  SWIFTMESAJI.exe
- Size
  
  955KB
- MD5
  
  c25938315ed7016703bb99bafae689b5
- SHA1
  
  6dc5affbc77bea59b3c7cbfd2767156d3612beb8
- SHA256
  
  788fedc273576b3be8e4471d1d7c64832b96fc10bdf553a1e45fe4f1f0672369
- SHA512
  
  1ea7aea8cdc4314ee880a22fa4a23386cdc73d9a49bb6f4347b90c17e40257bf1a78dadecf4d00018b18d9e65a4db399110c6206ed77fc9a19bfc9f505f63bcd
- SSDEEP
  
  24576:lu6J33O0c+JY5UZ+XC0kGso6Famy0Om8Ak6WY:nu0c++OCvkGs9FamYmgY
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4