snakekeylogger | da4a4370eb4e97775038824dfc8e9eb85e795ee6db9a182ab8965f25aa533630

General

Target

da4a4370eb4e97775038824dfc8e9eb85e795ee6db9a182ab8965f25aa533630.exe
Size

130KB
Sample

250110-ryxtxszjdk
MD5

4f94fd9f205bbf26710198a0e176b35f
SHA1

7fcd8d18153a9b25e37cce7f15f968ef7d923dfc
SHA256

da4a4370eb4e97775038824dfc8e9eb85e795ee6db9a182ab8965f25aa533630
SHA512

dda1b8602bc339901b96de775de5d3576428f148cc08b0985eed5caf4b58997a1be7d9114ecc18e9e8487d5ad28b81c4b17810b0e40eb20f4ced1b6520e7098f
SSDEEP

3072:lLIyRktx3CI9jVhNZ5KvRksb5h8m9ywvcGLgbY:DRyxSoKksbbmb

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.ozdenticaret.com.tr
Port:
587
Username:
[email protected]
Password:
Ozd.135246
Email To:
[email protected]

Targets

- Target
  
  da4a4370eb4e97775038824dfc8e9eb85e795ee6db9a182ab8965f25aa533630.exe
- Size
  
  130KB
- MD5
  
  4f94fd9f205bbf26710198a0e176b35f
- SHA1
  
  7fcd8d18153a9b25e37cce7f15f968ef7d923dfc
- SHA256
  
  da4a4370eb4e97775038824dfc8e9eb85e795ee6db9a182ab8965f25aa533630
- SHA512
  
  dda1b8602bc339901b96de775de5d3576428f148cc08b0985eed5caf4b58997a1be7d9114ecc18e9e8487d5ad28b81c4b17810b0e40eb20f4ced1b6520e7098f
- SSDEEP
  
  3072:lLIyRktx3CI9jVhNZ5KvRksb5h8m9ywvcGLgbY:DRyxSoKksbbmb
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Checks computer location settings

Deletes itself

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2