snakekeylogger | 5bf0cf3d590605a0f8aeef0cb6bbf2520905e8ebd48682c7c5cdd5f55286a8a6

General

Target

5bf0cf3d590605a0f8aeef0cb6bbf2520905e8ebd48682c7c5cdd5f55286a8a6.exe
Size

807KB
Sample

250113-m3dvdssjfr
MD5

fee3c4b6611105b43993848c321a876a
SHA1

9cb471805bb2679bcd0cfc794f8301e86e2bacfc
SHA256

5bf0cf3d590605a0f8aeef0cb6bbf2520905e8ebd48682c7c5cdd5f55286a8a6
SHA512

6d8d16d89cd0c22a8c402e7ac378bd1a41b4c117f52f521c674d89b1fb0d064eaaa757fa2db3765ca97c412c7954438d08d32be75f5fe53677f3c3dde8b9becf
SSDEEP

24576:5MaSSKy2/SPNc0PrH5yj15ALOF+gGQ5p/i+:5RQ5s/gtN

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.yulifertilizer.com.my
Port:
25
Username:
[email protected]
Password:
Ayfc931319*
Email To:
[email protected]

Targets

- Target
  
  5bf0cf3d590605a0f8aeef0cb6bbf2520905e8ebd48682c7c5cdd5f55286a8a6.exe
- Size
  
  807KB
- MD5
  
  fee3c4b6611105b43993848c321a876a
- SHA1
  
  9cb471805bb2679bcd0cfc794f8301e86e2bacfc
- SHA256
  
  5bf0cf3d590605a0f8aeef0cb6bbf2520905e8ebd48682c7c5cdd5f55286a8a6
- SHA512
  
  6d8d16d89cd0c22a8c402e7ac378bd1a41b4c117f52f521c674d89b1fb0d064eaaa757fa2db3765ca97c412c7954438d08d32be75f5fe53677f3c3dde8b9becf
- SSDEEP
  
  24576:5MaSSKy2/SPNc0PrH5yj15ALOF+gGQ5p/i+:5RQ5s/gtN
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Checks computer location settings

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2