snakekeylogger | e43f4f5010e9eba084c27804f7c9bf915f43fe429746474e0d3b038230623f4c

General

Target

Sigmanly_e43f4f5010e9eba084c27804f7c9bf915f43fe429746474e0d3b038230623f4c
Size

697KB
Sample

250203-v1d2dazjfp
MD5

4906140462c2a2f07e56946afc0883ff
SHA1

86d0a5d36b3dd076790ccbda9de3743492fa3457
SHA256

e43f4f5010e9eba084c27804f7c9bf915f43fe429746474e0d3b038230623f4c
SHA512

95c4925c84d18643cb68b870ae9de22f32ff885e38bb5c7b5850da3a7cbd2fad5b5fd8d1a587cef6431167a232f2fe9fc47c271b9e55b2955a0af4a0db14a23c
SSDEEP

12288:CM1RHPMU5TB+RarSPrLFxowd6yKyqnQyVxhXylpOeO7d:CMHVt+UST866y8nZVTCle7

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.daipro.com.mx
Port:
587
Username:
[email protected]
Password:
DAIpro123**
Email To:
[email protected]

C2

https://scratchdreams.tk

Targets

- Target
  
  Sigmanly_e43f4f5010e9eba084c27804f7c9bf915f43fe429746474e0d3b038230623f4c
- Size
  
  697KB
- MD5
  
  4906140462c2a2f07e56946afc0883ff
- SHA1
  
  86d0a5d36b3dd076790ccbda9de3743492fa3457
- SHA256
  
  e43f4f5010e9eba084c27804f7c9bf915f43fe429746474e0d3b038230623f4c
- SHA512
  
  95c4925c84d18643cb68b870ae9de22f32ff885e38bb5c7b5850da3a7cbd2fad5b5fd8d1a587cef6431167a232f2fe9fc47c271b9e55b2955a0af4a0db14a23c
- SSDEEP
  
  12288:CM1RHPMU5TB+RarSPrLFxowd6yKyqnQyVxhXylpOeO7d:CMHVt+UST866y8nZVTCle7
Score

10^/10

snakekeylogger collection discovery execution keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2