snakekeylogger | a1d084c5e89063825e6c866845ee8643a76e1f337880fd0852402bc8d714a7c7

General

Target

a1d084c5e89063825e6c866845ee8643a76e1f337880fd0852402bc8d714a7c7.exe
Size

1.0MB
Sample

241222-ahff9svqhj
MD5

1f0e9cdd4105d32138f3df2510c94e21
SHA1

82ee58715ae7cd9ca42070e942b77f3691e52c2c
SHA256

a1d084c5e89063825e6c866845ee8643a76e1f337880fd0852402bc8d714a7c7
SHA512

13ad4f7bb2841ae17c53266d07d3172dbf33f1d418515681662be7ce87bdbc7f67ffb9fee1233732f80d1c82bec5cf7a5f770f096b8105f60297a4affd061b54
SSDEEP

24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aAouMeM:lTvC/MTQYxsWR7aAU

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7249279970:AAEcJhrnjOjEPF0_qNK65RAY0sYYfNqc0Sg/sendMessage?chat_id=7365454061

Targets

- Target
  
  a1d084c5e89063825e6c866845ee8643a76e1f337880fd0852402bc8d714a7c7.exe
- Size
  
  1.0MB
- MD5
  
  1f0e9cdd4105d32138f3df2510c94e21
- SHA1
  
  82ee58715ae7cd9ca42070e942b77f3691e52c2c
- SHA256
  
  a1d084c5e89063825e6c866845ee8643a76e1f337880fd0852402bc8d714a7c7
- SHA512
  
  13ad4f7bb2841ae17c53266d07d3172dbf33f1d418515681662be7ce87bdbc7f67ffb9fee1233732f80d1c82bec5cf7a5f770f096b8105f60297a4affd061b54
- SSDEEP
  
  24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aAouMeM:lTvC/MTQYxsWR7aAU
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2