snakekeylogger | 56b2e1e2a5936d3ca74a62ce4ba8763a60e1f0673477619f934db100ec42e2ea

General

Target

hesaphareketi-01.pdf.z
Size

495KB
Sample

241211-npqsga1key
MD5

a480a74c2fcc268d9cd3ce49f2b15a24
SHA1

bb197409518c6ef2636c6dc2bdd0d53e9b59e9cb
SHA256

56b2e1e2a5936d3ca74a62ce4ba8763a60e1f0673477619f934db100ec42e2ea
SHA512

2ce8eb551ea3ca9ba2411efaffede14f254e27465f74f2ebb93d608facfc05bb7645ecdd02ccc77e9e8d77e5aaf439f57315118bdda6dd9cf36d1eef9d96852d
SSDEEP

12288:/hv+EnwKNOont/7Xi56/RwpSJlgULBmukv4Lo72IIVF:l+ewJExXi56/yuBmukCP

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7125297965:AAFl6eQAjxqGeAfWHpfHbGAtADDAZUyFidM/sendMessage?chat_id=6367688286

Targets

- Target
  
  hesaphareketi-01.pdf.z
- Size
  
  495KB
- MD5
  
  a480a74c2fcc268d9cd3ce49f2b15a24
- SHA1
  
  bb197409518c6ef2636c6dc2bdd0d53e9b59e9cb
- SHA256
  
  56b2e1e2a5936d3ca74a62ce4ba8763a60e1f0673477619f934db100ec42e2ea
- SHA512
  
  2ce8eb551ea3ca9ba2411efaffede14f254e27465f74f2ebb93d608facfc05bb7645ecdd02ccc77e9e8d77e5aaf439f57315118bdda6dd9cf36d1eef9d96852d
- SSDEEP
  
  12288:/hv+EnwKNOont/7Xi56/RwpSJlgULBmukv4Lo72IIVF:l+ewJExXi56/yuBmukCP
Score

1^/10
behavioral1 behavioral2
- Target
  
  hesaphareketi-01.pdf.exe
- Size
  
  513KB
- MD5
  
  2c3fef704708031e5e399e2372c4df94
- SHA1
  
  4b56b7bd59fc34ddfe68b49834c9da09aeb10db6
- SHA256
  
  2d1df1dc79847b6c217b8daab33212ced9135267fbc80559b11a8b49735caba6
- SHA512
  
  49ce56727d0004e55ec37e03a2ea713ce32f2ed72db3ab9c7a6a32bb441484654a20fd79e547b2864797a5aed31ed02f7a03d9cdaa97448923b47001aa6fa574
- SSDEEP
  
  12288:+cJLhv+onwQNkoBtR7Xo56/RwpSJ5AULBmAkF4Lo72CIV1w:XJ5+aw7ETXo56/WuBmAkwZw
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4