snakekeylogger | e248994d1154ecc091a72040543631f6faf42e980b524193b6ea207262a374a7

General

Target

e248994d1154ecc091a72040543631f6faf42e980b524193b6ea207262a374a7.exe
Size

595KB
Sample

250110-rlqj3swpe1
MD5

5314dc731381de014b294374b0eb7666
SHA1

9e3577f1495fdbb76115231a8a6680db0bed3632
SHA256

e248994d1154ecc091a72040543631f6faf42e980b524193b6ea207262a374a7
SHA512

0eb21211a73870d1d9681cd236bcb6edfe5e2049477fc4773c8f7e3f9868352dac55bd95df8b3547bdad060ae2ee05b8e8a7280b904f273deff0c2881b431f44
SSDEEP

12288:oYV6MorX7qzuC3QHO9FQVHPF51jgc7nbUwhIZLBZE:HBXu9HGaVH7nbUwGfE

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: ftp
Host:
ftp://ftp.hogarsancamilo.org/
Port:
21
Username:
[email protected]
Password:
eg0wtRsF5HKA

Targets

- Target
  
  e248994d1154ecc091a72040543631f6faf42e980b524193b6ea207262a374a7.exe
- Size
  
  595KB
- MD5
  
  5314dc731381de014b294374b0eb7666
- SHA1
  
  9e3577f1495fdbb76115231a8a6680db0bed3632
- SHA256
  
  e248994d1154ecc091a72040543631f6faf42e980b524193b6ea207262a374a7
- SHA512
  
  0eb21211a73870d1d9681cd236bcb6edfe5e2049477fc4773c8f7e3f9868352dac55bd95df8b3547bdad060ae2ee05b8e8a7280b904f273deff0c2881b431f44
- SSDEEP
  
  12288:oYV6MorX7qzuC3QHO9FQVHPF51jgc7nbUwhIZLBZE:HBXu9HGaVH7nbUwGfE
Score

10^/10

snakekeylogger collection discovery keylogger stealer upx
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2