snakekeylogger | bfe848846a7d76ad51726479216d0274981593d2ab79fe8b50f8be092e44b385

General

Target

10022025_1526_AWB_5771388044ShippingDocuments.exe.iso
Size

1.0MB
Sample

250210-s2qqfswrdy
MD5

c112ab266ce4a25df5cae5f0f0d9bd3f
SHA1

2fe1182c1e1bbf7899d73d11e07c8a0f4e1dd6d8
SHA256

bfe848846a7d76ad51726479216d0274981593d2ab79fe8b50f8be092e44b385
SHA512

af4b85cd469a24535deba012563a13dfeac79aa4842518028592e43aa883a21c04444160c79406ec449028e6895da05d19d0c7444ee1c09fb1ca73741d38adad
SSDEEP

24576:iAHnh+eWsN3skA4RV1Hom2KXFmIaJK8z3JCeuk5:lh+ZkldoPK1XaJK8zLF

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7492559731:AAHoe21wjCcHLOPd--6Hzpq-A33LHera2GU/sendMessage?chat_id=7607163233

Targets

- Target
  
  AWB_5771388044 Shipping Documents.exe
- Size
  
  966KB
- MD5
  
  faaa0b1516e7cc0a92ec6b709de0c8d3
- SHA1
  
  cbd44378800bfe17f6a28c7ec8f0665757334e87
- SHA256
  
  4b8dd62f79ca042ae3f3706490ba56b9ff32e781e690c77cff7174c8bdc4126d
- SHA512
  
  65de8d735466dd084f5b1b1e766d2adc64f217de47350fdbaed4f873d72e9e05c0044df06fc0a225e7ce179e40943593cd6507c50d65b00ac952b9b115e17895
- SSDEEP
  
  24576:iAHnh+eWsN3skA4RV1Hom2KXFmIaJK8z3JCeuk5:lh+ZkldoPK1XaJK8zLF
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Downloads MZ/PE file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Downloads MZ/PE file

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2