snakekeylogger | 03e78360c525a0b380006cb25a747352f9627da6c5afb25ff4d382473c597dd2

General

Target

z1040224NOVATECHMX87546769.exe
Size

971KB
Sample

250205-vh45vavrbx
MD5

f8f78b7363ad4f8613f5e4d8c1c0c126
SHA1

ae26fdc3f2918ecf28d19f6ee6472990a2966638
SHA256

03e78360c525a0b380006cb25a747352f9627da6c5afb25ff4d382473c597dd2
SHA512

8ddee9904dde8875499d59d1b0de5366ef74aaa0224783f75ca50dcde72c75b8baea7397cd6d4f03eb85f41d6b9f30d80b435613f1e00b3b429e9c20639190b0
SSDEEP

24576:HAHnh+eWsN3skA4RV1Hom2KXFmIaWiFp9QIayD5V5:6h+ZkldoPK1XaWiFTxt

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7920003586:AAHBMriHaNCFiZ4OQ4NdecriTbdf93HSOJo/sendMessage?chat_id=7174574119

Targets

- Target
  
  z1040224NOVATECHMX87546769.exe
- Size
  
  971KB
- MD5
  
  f8f78b7363ad4f8613f5e4d8c1c0c126
- SHA1
  
  ae26fdc3f2918ecf28d19f6ee6472990a2966638
- SHA256
  
  03e78360c525a0b380006cb25a747352f9627da6c5afb25ff4d382473c597dd2
- SHA512
  
  8ddee9904dde8875499d59d1b0de5366ef74aaa0224783f75ca50dcde72c75b8baea7397cd6d4f03eb85f41d6b9f30d80b435613f1e00b3b429e9c20639190b0
- SSDEEP
  
  24576:HAHnh+eWsN3skA4RV1Hom2KXFmIaWiFp9QIayD5V5:6h+ZkldoPK1XaWiFTxt
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2