snakekeylogger | 867d87b1d5e651a0c09864996a672e11ebc6a81f986f26e1daef27f62754f9f2

General

Target

867d87b1d5e651a0c09864996a672e11ebc6a81f986f26e1daef27f62754f9f2.exe
Size

1.1MB
Sample

250207-rj6hhsvnhm
MD5

27d2d287421f2898832b43749be9b874
SHA1

39cd5a044f117ab03e5973d4838fa63042a1e81f
SHA256

867d87b1d5e651a0c09864996a672e11ebc6a81f986f26e1daef27f62754f9f2
SHA512

1a1d7f842b6bb210da2c629bf2396849333c3ed099c3dce363df050d149a2c03feab4e84bfcc56a6b79f75d83df407c89cf96e724983768b65dcb99ea35b2ef7
SSDEEP

24576:Utb20pkaCqT5TBWgNQ7aBMw70USmJo9yVviMI6A:9Vg5tQ7aBdrVq5

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8061096285:AAEYYo-FdY3VzqcT3L8EdN5KV_wk8MmCyiw/sendMessage?chat_id=6557702940

Targets

- Target
  
  867d87b1d5e651a0c09864996a672e11ebc6a81f986f26e1daef27f62754f9f2.exe
- Size
  
  1.1MB
- MD5
  
  27d2d287421f2898832b43749be9b874
- SHA1
  
  39cd5a044f117ab03e5973d4838fa63042a1e81f
- SHA256
  
  867d87b1d5e651a0c09864996a672e11ebc6a81f986f26e1daef27f62754f9f2
- SHA512
  
  1a1d7f842b6bb210da2c629bf2396849333c3ed099c3dce363df050d149a2c03feab4e84bfcc56a6b79f75d83df407c89cf96e724983768b65dcb99ea35b2ef7
- SSDEEP
  
  24576:Utb20pkaCqT5TBWgNQ7aBMw70USmJo9yVviMI6A:9Vg5tQ7aBdrVq5
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2