snakekeylogger | f366a3ae7288d8c79063044af4427617ec227ebc960cf143dc0a020f3827b92e

General

Target

f366a3ae7288d8c79063044af4427617ec227ebc960cf143dc0a020f3827b92e.exe
Size

465KB
Sample

250207-rs412strb1
MD5

e478ed355e068b56b658d62359cff6ca
SHA1

7c394f05d4eaba81e427f79bba08a5d413809537
SHA256

f366a3ae7288d8c79063044af4427617ec227ebc960cf143dc0a020f3827b92e
SHA512

7883fa17e55dfe58261cd50e2789aa8a0c4a940fad2e295879718c7409ffed6001cd688801e64e09613291af0577626b161da40de2e999ef72c3a1f600221c2e
SSDEEP

12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcmwmkVOvtJmUHJ/r:hBXu9HGaVHmwN4Jm2Nr

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
ssl0.ovh.net
Port:
587
Username:
[email protected]
Password:
sj4Ub78kk
Email To:
[email protected]

Targets

- Target
  
  f366a3ae7288d8c79063044af4427617ec227ebc960cf143dc0a020f3827b92e.exe
- Size
  
  465KB
- MD5
  
  e478ed355e068b56b658d62359cff6ca
- SHA1
  
  7c394f05d4eaba81e427f79bba08a5d413809537
- SHA256
  
  f366a3ae7288d8c79063044af4427617ec227ebc960cf143dc0a020f3827b92e
- SHA512
  
  7883fa17e55dfe58261cd50e2789aa8a0c4a940fad2e295879718c7409ffed6001cd688801e64e09613291af0577626b161da40de2e999ef72c3a1f600221c2e
- SSDEEP
  
  12288:SYV6MorX7qzuC3QHO9FQVHPF51jgcmwmkVOvtJmUHJ/r:hBXu9HGaVHmwN4Jm2Nr
Score

10^/10

snakekeylogger collection discovery keylogger stealer upx
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2