snakekeylogger | d0d28661ec38fa97bd723628c065471e1c58b6d3918fd988b43cdf0aee2815a3

General

Target

d0d28661ec38fa97bd723628c065471e1c58b6d3918fd988b43cdf0aee2815a3.exe
Size

807KB
Sample

250110-sahwjaxnhw
MD5

22b0c4defec129bb6a33fc44f1499910
SHA1

4f5d255970be2c547916a72d2db99ed5b02a89b7
SHA256

d0d28661ec38fa97bd723628c065471e1c58b6d3918fd988b43cdf0aee2815a3
SHA512

63ba4513e693638e2365d357e6757a7268134c2c0385644a6118cf79fb046e44517eee1f22853fc7d4c5875bac00d56c0ac6c8a01dca76c0cded2b7dc991da53
SSDEEP

24576:5MaSSKy2/SPNc0PrH5yj15ALOF+gGQ5p/i:5RQ5s/gt

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.yulifertilizer.com.my
Port:
25
Username:
[email protected]
Password:
Ayfc931319*
Email To:
[email protected]

Targets

- Target
  
  d0d28661ec38fa97bd723628c065471e1c58b6d3918fd988b43cdf0aee2815a3.exe
- Size
  
  807KB
- MD5
  
  22b0c4defec129bb6a33fc44f1499910
- SHA1
  
  4f5d255970be2c547916a72d2db99ed5b02a89b7
- SHA256
  
  d0d28661ec38fa97bd723628c065471e1c58b6d3918fd988b43cdf0aee2815a3
- SHA512
  
  63ba4513e693638e2365d357e6757a7268134c2c0385644a6118cf79fb046e44517eee1f22853fc7d4c5875bac00d56c0ac6c8a01dca76c0cded2b7dc991da53
- SSDEEP
  
  24576:5MaSSKy2/SPNc0PrH5yj15ALOF+gGQ5p/i:5RQ5s/gt
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2