snakekeylogger | 5ed393d1e048cf31f1eab079a58ef7e089dcd5376cf4f2789281ccb0a3ce71e0 | Triage

Submit
Reports

Overview

overview

Static

static

3

ekstre.pdf.exe

windows7-x64

1

ekstre.pdf.exe

windows10-2004-x64

Sharing

General

Target

5ed393d1e048cf31f1eab079a58ef7e089dcd5376cf4f2789281ccb0a3ce71e0
Size

482KB
Sample

241213-kdpt9asrbt
MD5

a1ada97231233491550466c12c522867
SHA1

787ce3c8842ad9ed878cf69d5c2a21b2f95a4bff
SHA256

5ed393d1e048cf31f1eab079a58ef7e089dcd5376cf4f2789281ccb0a3ce71e0
SHA512

7ee33fbad708823984b66a0a60888608c7a69b4cf2a7618ee0fcbc7248b04105929fdbdb1123a406bf934dd259afb0e5c8ccecdc80f45e208ed48e1f2ec146f8
SSDEEP

12288:4ECIcVEPGZnRLo3LpLcRh46NHAzoHGuoRBZMM0pabrf1:4tiPeutShvNs0GAMnPf1

Score

10^/10

snakekeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ekstre.pdf.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

ekstre.pdf.exe

Resource

win10v2004-20241007-en

snakekeylogger collection discovery keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7125297965:AAFl6eQAjxqGeAfWHpfHbGAtADDAZUyFidM/sendMessage?chat_id=6367688286

Targets

- Target
  
  ekstre.pdf.exe
- Size
  
  491KB
- MD5
  
  7e489c990749ef292c4d2bb492229d33
- SHA1
  
  bb912cefcbe835e760b7b23541614c632b5386ca
- SHA256
  
  a90064fabd3a584e530137cca993bdb15ea853afadceee02d80a5f46601255ea
- SHA512
  
  722a537217da520f7d956c5cead9dd2eef1656e6f3e3c48ceb4330c9af3fd10f0f4d9960da9872567d7f3815393745c5da23543a174271ce6f797fcf7a666e09
- SSDEEP
  
  12288:ZWgIcViPGnn1LovLpbclh4ONHAzkHcuoRBZYI0fabMpa:MgsPmK1chtNsAc0IPYQ
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectiondiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy