snakekeylogger | fe2bc4496f2a7b4b7273283adf244feaefea1c7c49c8a591aedc636da4a648e9 | Triage

Submit
Reports

Overview

overview

Static

static

3

DHL EXP. �...DF.exe

windows7-x64

DHL EXP. �...DF.exe

windows10-2004-x64

Sharing

General

Target

fe2bc4496f2a7b4b7273283adf244feaefea1c7c49c8a591aedc636da4a648e9
Size

478KB
Sample

241213-h6mjgstnfk
MD5

d40c414296f9fcb79e9187edaf1bcfd9
SHA1

fce528dad0c4812b7c9f86cfcc865bf36e8cfd62
SHA256

fe2bc4496f2a7b4b7273283adf244feaefea1c7c49c8a591aedc636da4a648e9
SHA512

eb3a889f2816eb9073ce5ed292688346860be50533a618884d53ae405d0de2421fe6eb0ee4a744e946dac5fae64cf7750ba13d1be8c3d5d5f44119f2d1bbb41e
SSDEEP

12288:siIDQ86N0wlZ0b/zaDkBhj8HrpQatDg3fRTZ2:siIDQ86VCbraE+ht03fRTw

Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DHL EXP. ÖDEMENIZE AIT DETAY TALEBI HK.PDF.exe

Resource

win7-20240903-en

snakekeylogger collection discovery keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

DHL EXP. ÖDEMENIZE AIT DETAY TALEBI HK.PDF.exe

Resource

win10v2004-20241007-en

snakekeylogger collection discovery keylogger spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7125297965:AAFl6eQAjxqGeAfWHpfHbGAtADDAZUyFidM/sendMessage?chat_id=6367688286

Targets

- Target
  
  DHL EXP. ÖDEMENIZE AIT DETAY TALEBI HK.PDF.exe
- Size
  
  481KB
- MD5
  
  1c302c125a96760c0aafda4a07fde507
- SHA1
  
  66a0579202cac79cb0d4332fc09a4e442604ac9d
- SHA256
  
  3e894a9bbe48bdb106dda36c117de838daa2fbdab68d293c06a6040514e7fdd5
- SHA512
  
  983c05ecf5ecc49df4f76d14583eb01a5da579857f66b726c361a1753e4b1faa20511e50c6b6232d99ad84b1b7ed33283935954d0b39931b207e4ebff1e442a3
- SSDEEP
  
  12288:bG8m7IDQ8mNiglZG//zafk5hjqHrpQaTDg3fRLZhGNE:q/7IDQ8mZQ/raGwhT03fRLaNE
Score

10^/10

snakekeylogger collection discovery keylogger stealer spyware
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerstealer

behavioral2

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

© 2018-2024

Terms | Privacy