snakekeylogger | fddda3fca32418809de1c3b11f02df63878154d67c89054938a413f6d8bd667a

General

Target

fddda3fca32418809de1c3b11f02df63878154d67c89054938a413f6d8bd667a.exe
Size

807KB
Sample

250110-r9ywcsznbj
MD5

e9002e32b4e6094a3ef6550fd5351141
SHA1

3359aa914cf67c5638de17746adaed1a1b36f246
SHA256

fddda3fca32418809de1c3b11f02df63878154d67c89054938a413f6d8bd667a
SHA512

1974654313429951a2255134dbcf3673a0f681a2b42c8fd85cef3695fba1a9f99b9fce4a107deea347bd2ba76ee90682d1b5665f14d8512196525cd147ee5794
SSDEEP

24576:5MaSSKy2/SPNc3cMezC30i3ThYImbY/G:5RQJ3NCg0hxbY/

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.damaz.it
Port:
587
Username:
[email protected]
Password:
348cli
Email To:
[email protected]

Targets

- Target
  
  fddda3fca32418809de1c3b11f02df63878154d67c89054938a413f6d8bd667a.exe
- Size
  
  807KB
- MD5
  
  e9002e32b4e6094a3ef6550fd5351141
- SHA1
  
  3359aa914cf67c5638de17746adaed1a1b36f246
- SHA256
  
  fddda3fca32418809de1c3b11f02df63878154d67c89054938a413f6d8bd667a
- SHA512
  
  1974654313429951a2255134dbcf3673a0f681a2b42c8fd85cef3695fba1a9f99b9fce4a107deea347bd2ba76ee90682d1b5665f14d8512196525cd147ee5794
- SSDEEP
  
  24576:5MaSSKy2/SPNc3cMezC30i3ThYImbY/G:5RQJ3NCg0hxbY/
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2