snakekeylogger | f3c498fb56e03eb5d37b1bacf4c360cf880a7b25f5b338d1fc2efb2336f3255b

General

Target

f3c498fb56e03eb5d37b1bacf4c360cf880a7b25f5b338d1fc2efb2336f3255b
Size

956KB
Sample

250220-ls7jaasleq
MD5

646d6a8071101735cda455a8fa55b43f
SHA1

6bff90bad9c6e5c61b07fa19de0e40f6df0d9c85
SHA256

f3c498fb56e03eb5d37b1bacf4c360cf880a7b25f5b338d1fc2efb2336f3255b
SHA512

3a4582685d5c4e715046f77dbeaa13b7c5998a8a891d8db27618869d0e694008e07b481d77c2cda9238257358b2c1dedae8e4273f96da9fea81627ce637a0bd1
SSDEEP

24576:Nu6J33O0c+JY5UZ+XC0kGso6FaHIj28u8WY:/u0c++OCvkGs9FaHI68EY

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7335410877:AAHBMeSn7K8p-NY6dklN-m5n2viykY0OFhs/sendMessage?chat_id=7747524028

Targets

- Target
  
  f3c498fb56e03eb5d37b1bacf4c360cf880a7b25f5b338d1fc2efb2336f3255b
- Size
  
  956KB
- MD5
  
  646d6a8071101735cda455a8fa55b43f
- SHA1
  
  6bff90bad9c6e5c61b07fa19de0e40f6df0d9c85
- SHA256
  
  f3c498fb56e03eb5d37b1bacf4c360cf880a7b25f5b338d1fc2efb2336f3255b
- SHA512
  
  3a4582685d5c4e715046f77dbeaa13b7c5998a8a891d8db27618869d0e694008e07b481d77c2cda9238257358b2c1dedae8e4273f96da9fea81627ce637a0bd1
- SSDEEP
  
  24576:Nu6J33O0c+JY5UZ+XC0kGso6FaHIj28u8WY:/u0c++OCvkGs9FaHI68EY
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2