snakekeylogger | 22af294596a94c94df1e13966f16af73ab4246c11866a75a7d2a095ae6a91f7e

General

Target

22af294596a94c94df1e13966f16af73ab4246c11866a75a7d2a095ae6a91f7eN.exe
Size

1.0MB
Sample

241222-hnxxhayjex
MD5

988f9a70417a5ee4f7d4d3e0b3ed71f0
SHA1

4a1b003b6bd958160d3f27cb362ed8230f83f842
SHA256

22af294596a94c94df1e13966f16af73ab4246c11866a75a7d2a095ae6a91f7e
SHA512

d087b8f4d40fc9ea89eb6720274c8d6b39bf861710c0c939b24aa3f0f5c8bd78b3c7866acd5712cb130a5369b10524ed3666b85072ea57af389ca4146e531701
SSDEEP

24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aAouMe:lTvC/MTQYxsWR7aA

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7249279970:AAEcJhrnjOjEPF0_qNK65RAY0sYYfNqc0Sg/sendMessage?chat_id=7365454061

Targets

- Target
  
  22af294596a94c94df1e13966f16af73ab4246c11866a75a7d2a095ae6a91f7eN.exe
- Size
  
  1.0MB
- MD5
  
  988f9a70417a5ee4f7d4d3e0b3ed71f0
- SHA1
  
  4a1b003b6bd958160d3f27cb362ed8230f83f842
- SHA256
  
  22af294596a94c94df1e13966f16af73ab4246c11866a75a7d2a095ae6a91f7e
- SHA512
  
  d087b8f4d40fc9ea89eb6720274c8d6b39bf861710c0c939b24aa3f0f5c8bd78b3c7866acd5712cb130a5369b10524ed3666b85072ea57af389ca4146e531701
- SSDEEP
  
  24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aAouMe:lTvC/MTQYxsWR7aA
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2