Overview

overview

10

Static

static

5

z69mmxx.exe

windows7-x64

10

z69mmxx.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    z69mmxx.exe

  • Size

    754KB

  • Sample

    250211-rwdchawlgm

  • MD5

    0d27f4c63354d799f66d430e43979c31

  • SHA1

    a9eef10ae00fb0732cd45c4c008bc4e1adb09396

  • SHA256

    ddc5c3db68231527895f8e748df9d80cdb7aa4f12f107652cdce95854af81f86

  • SHA512

    7b577803a066f31418463ced0614bad606c1bbac6866cd86ff07b6facce62adcbc3d565e60b99d1d4259b31fedeb8c9f1c79439a8f31bf9c5f47ff91dffdfa25

  • SSDEEP

    12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aCzVEt3aGpkK:uRmJkcoQricOIQxiZY1iaCz63/kK

Score
10/10
snakekeyloggercollectiondiscoverykeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7628028410:AAEpbCbHTWOy3r7fqeLD67OvGFoUK2pQiBw/sendMessage?chat_id=7337843299

Targets

    • Target

      z69mmxx.exe

    • Size

      754KB

    • MD5

      0d27f4c63354d799f66d430e43979c31

    • SHA1

      a9eef10ae00fb0732cd45c4c008bc4e1adb09396

    • SHA256

      ddc5c3db68231527895f8e748df9d80cdb7aa4f12f107652cdce95854af81f86

    • SHA512

      7b577803a066f31418463ced0614bad606c1bbac6866cd86ff07b6facce62adcbc3d565e60b99d1d4259b31fedeb8c9f1c79439a8f31bf9c5f47ff91dffdfa25

    • SSDEEP

      12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aCzVEt3aGpkK:uRmJkcoQricOIQxiZY1iaCz63/kK

    Score
    10/10
    snakekeyloggercollectiondiscoverykeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Snakekeylogger family

      snakekeylogger

    • Downloads MZ/PE file

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks