snakekeylogger | 2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8

General

Target

2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8
Size

826KB
Sample

250206-z62rvayqeq
MD5

b3b46efad9dac8cd52ffc04fd149f805
SHA1

421f5c82cce3af81ebe1381817c03a5554837a6f
SHA256

2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8
SHA512

7626f6f5eaca0491c156046f80c92e69d303ef6a2a9460bd3e37158e491556dc88698e52b26696f5d7e33cff722f23be938a195e2f868b26a79cc03a8cc6ff36
SSDEEP

12288:ULkUMXe5y/t1u9OF8IKLMwAL/6HEuwPtqGMyRQCbZ1uhPH7bUk6x:ULm8IKLMx72E9qbCbZ1U7bU3x

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7817497413:AAH6fX2oZGM3XzbbIU69SVEGO80t6mDhjdU/sendMessage?chat_id=1695799026

Targets

- Target
  
  2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8
- Size
  
  826KB
- MD5
  
  b3b46efad9dac8cd52ffc04fd149f805
- SHA1
  
  421f5c82cce3af81ebe1381817c03a5554837a6f
- SHA256
  
  2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8
- SHA512
  
  7626f6f5eaca0491c156046f80c92e69d303ef6a2a9460bd3e37158e491556dc88698e52b26696f5d7e33cff722f23be938a195e2f868b26a79cc03a8cc6ff36
- SSDEEP
  
  12288:ULkUMXe5y/t1u9OF8IKLMwAL/6HEuwPtqGMyRQCbZ1uhPH7bUk6x:ULm8IKLMx72E9qbCbZ1U7bU3x
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2