General

  • Target

    20828041694.zip

  • Size

    603KB

  • Sample

    250120-ynfwzswmbq

  • MD5

    95a2f0ad810dc34575e008ee754da3d0

  • SHA1

    e85bb0d624ea8fa1752a29f12dbe03e3673b33fd

  • SHA256

    d18e337f970838ef8c730540a54f08657d880b101f3ab74195aed2f58dc1de8a

  • SHA512

    796e55019c260a8266b64b8996febbbb55815ac46a9bc6ffd28cceeef6dca5716ae4dc02619731c25456ef741c26aa7aa28c74f6e58600925741e8dee6e8feac

  • SSDEEP

    12288:3E3v3JVQAvJOrYOQaY/suMiPCa46fGfETfR9XlGxtl2vIl4jdXuL:3g3r1zaYpMANGwGl2Al4VI

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      58879edd3284514b87354482a1822e21b78274c597b2fa384198cad00c1e8f91

    • Size

      771KB

    • MD5

      1187cb24299cf87128c17fad188486f8

    • SHA1

      8d82e62cbf96e44b2c85232cfad1e83333dd2b10

    • SHA256

      58879edd3284514b87354482a1822e21b78274c597b2fa384198cad00c1e8f91

    • SHA512

      50db9879ee8fccd47fe7cb3a33e38261326a22c9656ef495fb0bab82dd16a3c0e589deaa3762e37e4af911b1639a4bedfee5a544d40af2f9b23241d191db32f5

    • SSDEEP

      24576:zg7UIdvDcAwV06DPAGnnqU3V69hko36wtz:c7UIdvQRVPDoIn3V69Kcz

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (the usual aim being to keep the dropped payload out of scans).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running only in, or avoiding, particular regions).

    • Reads user/profile data of local email clients

      Email clients store account and profile data on disk, where infostealers commonly harvest it.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other profile data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is a common step in process hollowing and other code-injection techniques.
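The "Command and Scripting Interpreter: PowerShell" signature above is worth turning into host-side detection logic. The script below is an added example, not part of the sandbox report and not code from the Snake Keylogger sample: it scans process-creation records for PowerShell invocations that add Defender exclusions or disable protection features, and it decodes -EncodedCommand payloads first so an encoded invocation is not missed. The records it runs on are constructed to resemble Sysmon Event ID 1 / EDR fields (Image, ParentImage, CommandLine); the paths, file names and parent process in them are invented and are not telemetry from the analysed sample.

```python
"""Added example (not part of the sandbox report or of the analysed sample):
detection logic for PowerShell being used to change Windows Defender
exclusions, run over constructed process-creation records."""
import base64
import re
from typing import Any, Dict, List, Optional

PS_IMAGES = ("powershell.exe", "pwsh.exe")
DEFENDER_CMDLETS = ("add-mppreference", "set-mppreference")
# -Exclusion* matches -ExclusionPath, -ExclusionExtension, -ExclusionProcess and
# the unambiguous abbreviations PowerShell accepts (e.g. -ExclusionPa);
# -Disable* matches -DisableRealtimeMonitoring and the other protection toggles.
TAMPER_PARAM_RE = re.compile(r"-(?:exclusion|disable)[a-z]*", re.I)
# -EncodedCommand (or a prefix such as -e, -ec, -enc) followed by a base64 blob.
ENCODED_RE = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{20,})", re.I)


def ps_encode(script: str) -> str:
    """Encode a script the way -EncodedCommand expects: base64 over UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def expand_encoded(cmdline: str) -> str:
    """Append the decoded -EncodedCommand payload, if any, so later matching
    sees the real cmdlets instead of an opaque base64 blob."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # not a real encoded command; keep the original text
    return f"{cmdline} [decoded: {decoded}]"


def check_event(event: Dict[str, str]) -> Optional[Dict[str, Any]]:
    """Return an alert when a PowerShell process adds Defender exclusions or
    disables a protection feature, else None."""
    image = event.get("Image", "").lower()
    if not image.endswith(PS_IMAGES):
        return None
    cmd = expand_encoded(event.get("CommandLine", ""))
    low = cmd.lower()
    cmdlet = next((c for c in DEFENDER_CMDLETS if c in low), None)
    params = sorted({m.group(0).lower() for m in TAMPER_PARAM_RE.finditer(cmd)})
    if cmdlet is None or not params:
        return None
    return {"cmdlet": cmdlet, "params": params,
            "parent": event.get("ParentImage", ""), "cmdline": cmd}


def scan(events: List[Dict[str, str]]) -> List[Dict[str, Any]]:
    """Run check_event over a batch and tag each alert with its record index."""
    alerts = []
    for i, ev in enumerate(events):
        alert = check_event(ev)
        if alert:
            alert["index"] = i
            alerts.append(alert)
    return alerts


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DROPPER = r"C:\Users\user\AppData\Local\Temp\stage.exe"  # invented parent process

# Constructed sample records; none of these come from the analysed sample.
SAMPLE_EVENTS = [
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",  # benign admin query
     "CommandLine": "powershell.exe Get-MpPreference"},
    {"Image": PS, "ParentImage": DROPPER,  # plain-text exclusion for path + process
     "CommandLine": 'powershell.exe -NoProfile -Command "Add-MpPreference '
                    '-ExclusionPath C:\\Users\\user\\AppData\\Local\\Temp '
                    '-ExclusionProcess stage.exe"'},
    {"Image": PS, "ParentImage": DROPPER,  # same intent hidden in -EncodedCommand
     "CommandLine": "powershell.exe -w hidden -enc "
                    + ps_encode("Add-MpPreference -ExclusionExtension exe")},
    {"Image": r"C:\Program Files\PowerShell\7\pwsh.exe", "ParentImage": DROPPER,
     "CommandLine": 'pwsh.exe -c "Set-MpPreference -DisableRealtimeMonitoring $true"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": DROPPER,  # not PowerShell
     "CommandLine": "cmd.exe /c echo Add-MpPreference -ExclusionPath C:\\"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a['index']}] {a['cmdlet']} {a['params']} parent={a['parent']}")
```

Command-line matching alone is a floor, not a ceiling: a script pulled down and run via Invoke-Expression never shows the cmdlet on the command line, so PowerShell script block logging (Event ID 4104) should be checked the same way, and the Defender operational log records configuration changes as Event ID 5007 regardless of how they were made. The parent process in the alert is what separates an administrator tuning exclusions from a freshly dropped executable doing it.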

MITRE ATT&CK Enterprise v15

Tasks