snakekeylogger | e2e5612a60d100b248d90462be2ae5d7318960102ec73d908fe3608480e792bc

General

Target

e2e5612a60d100b248d90462be2ae5d7318960102ec73d908fe3608480e792bc
Size

581KB
Sample

241211-stblkaspek
MD5

42f406b4a345bd9d351d11d82709358d
SHA1

5d10d13a62d1569f1ed0886b825eb685e63b4c90
SHA256

e2e5612a60d100b248d90462be2ae5d7318960102ec73d908fe3608480e792bc
SHA512

eb00d473833b5fa0310875984f933f188b8714a5cabb663050a31c3efd1ed5f8d140de7e40390fbcef808790f16aa70293b54a2fd5ba82d9403d88d581b33a3e
SSDEEP

12288:pFIbl/zL1mj2vChxP4t33Ki/6ieLhQ+VbN7U1deejr8:pSlFvv0xwt36iSj6ab1gdLH8

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7924749806:AAG-WJhqQVHwMR7UVUYahs5tVC-3tNXnruE/sendMessage?chat_id=7009913093

Targets

- Target
  
  Hesap hareketleriniz.exe
- Size
  
  1.0MB
- MD5
  
  87a60d28adbc2f774620b87984b3663c
- SHA1
  
  10c04e4451c39cb9282461ed269b16ef380d5b23
- SHA256
  
  495e5899f9ab370b49705fd287d1d4c69399c4029c643960045c24645ed7f394
- SHA512
  
  71701aaabae3083e799337735cd17215bd59b52305704fcb6539504dc334864d32c488706901a91b024f674ff7700f82986cafc50398e94808a66f4891a5f060
- SSDEEP
  
  24576:Ku6J33O0c+JY5UZ+XC0kGso6Fa5pMdxkpQYWY:8u0c++OCvkGs9Fa5+IpyY
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2