snakekeylogger | cab5af3d9a6dd11405590481805b5380e9ba1c94bcf3b2ae6df75072108a3403

General

Target

cab5af3d9a6dd11405590481805b5380e9ba1c94bcf3b2ae6df75072108a3403
Size

477KB
Sample

241216-drqv5s1nhw
MD5

248907f6a8cdc1c8742577059fd7ba59
SHA1

b69e46cd92ff8db6f2d9acdaf895626df1b22d4e
SHA256

cab5af3d9a6dd11405590481805b5380e9ba1c94bcf3b2ae6df75072108a3403
SHA512

57016ad0cff02d6db4996225e526348ec67a2d7b73168ccd9165cd63b5a01abb88ca2781112b7230ca22f08f15f66c36ab71d493758bbd6c8991291ce1f7fcdc
SSDEEP

12288:FrhYOA4NFT7v0y9sm5NrDskHX96+NfEkNnj3Fx:FrhYOVFT7v0yv7rDskHt6+NBNnj3Fx

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7125297965:AAFl6eQAjxqGeAfWHpfHbGAtADDAZUyFidM/sendMessage?chat_id=6367688286

Targets

- Target
  
  hesaphareketi-01.pdf.exe
- Size
  
  480KB
- MD5
  
  1182b118e3ef6a2bb23c1fa63421f415
- SHA1
  
  4d79a5d3934bc88874532c7a370c3d29331c2b67
- SHA256
  
  e6898cab171f9677ea94663fd86b9b4e5a7589d0f3557b54d99fb6eb2abd18bc
- SHA512
  
  e4ba194a7558383d53887fa15f840af3d416d2b9af9e4b0ac7021f2998f301dd69c51ea668da947d26b102f905cc09985b1a5c169bfc232bd66308e15bc51a5c
- SSDEEP
  
  12288:K7m8gHOq4pFZ7vIyfymnN7DsAHX9o+NfEkNHjRcsuN:0DgHOPFZ7vIyHN7DsAHto+NRNHja
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2