snakekeylogger | dd7fcb9baee79f7519262d83c27b0cbe76966c5846b976f1896de0ca479419fd

General

Target

SZ062117A.exe
Size

942KB
Sample

250217-lltnvaxqbw
MD5

2bac43e16b8628df64137abc1c4f2c14
SHA1

252c420492ce99370879e32f256e7799541cf923
SHA256

dd7fcb9baee79f7519262d83c27b0cbe76966c5846b976f1896de0ca479419fd
SHA512

8928da4183e8f96a655572d4afd9ad09464d38422e1b2cf3f11aca2e3a3f9bd865e30a3809202a8225f5d91d41dd5b9c054735a73958168c3302f3a08e84a43b
SSDEEP

24576:su6J33O0c+JY5UZ+XC0kGso6FaVHAIq/t8ZWY:2u0c++OCvkGs9FaVgtY

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7714252675:AAF5QV9JMA3smvi43h79F0rQKxWsloUPXGE/sendMessage?chat_id=6157416799

Targets

- Target
  
  SZ062117A.exe
- Size
  
  942KB
- MD5
  
  2bac43e16b8628df64137abc1c4f2c14
- SHA1
  
  252c420492ce99370879e32f256e7799541cf923
- SHA256
  
  dd7fcb9baee79f7519262d83c27b0cbe76966c5846b976f1896de0ca479419fd
- SHA512
  
  8928da4183e8f96a655572d4afd9ad09464d38422e1b2cf3f11aca2e3a3f9bd865e30a3809202a8225f5d91d41dd5b9c054735a73958168c3302f3a08e84a43b
- SSDEEP
  
  24576:su6J33O0c+JY5UZ+XC0kGso6FaVHAIq/t8ZWY:2u0c++OCvkGs9FaVgtY
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Downloads MZ/PE file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Downloads MZ/PE file

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2