snakekeylogger | 9507d066ed50f2910aaaff7e9f75525aa6c040f2a80e4f8bf47e80e67f4fbf99

General

Target

9507d066ed50f2910aaaff7e9f75525aa6c040f2a80e4f8bf47e80e67f4fbf99
Size

566KB
Sample

250320-lstx7aztgv
MD5

b3b2d608639e90affdde1fb1460c1fe0
SHA1

cddbda37610d5e5876940d106c4a85d0ab7e01ea
SHA256

9507d066ed50f2910aaaff7e9f75525aa6c040f2a80e4f8bf47e80e67f4fbf99
SHA512

5b89dec091a6bd0869fd15e50e675a9752f243cd795f8195fd0831776f6a4586bb98f088bb82593ba3b612e27c960ddb34c7856b0f08cb0ec181d5978763669c
SSDEEP

12288:8zBhZs0pLaRb/o4MMxBCA63+HvzLRpjolQH:8z3C0pSGWBCtGbV5S+

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7622409620:AAGYObz0BTtGB6EjTnYqQW3bW6b_vAkdZK4/sendMessage?chat_id=7000018009

Targets

- Target
  
  Quotation.exe
- Size
  
  983KB
- MD5
  
  6249cd12ccdda8ed2f251879c751c6c8
- SHA1
  
  825dc5e7289f101a172ed4926ac80e766b6ec53f
- SHA256
  
  a606e580983fdd746d8a8f9a4007ecc5b209565356ad3341b7d4cf0793cd4df8
- SHA512
  
  43f4c439dcc29f55d43a6c15313d65eb4908d52a60ddd13d18a78eb96fb8ab8ce1f88d8b2b1ce765f069d7105f5f700bcc2682c2404f68db88f3cc51594a3b2e
- SSDEEP
  
  24576:Ou6J33O0c+JY5UZ+XC0kGso6FanOtVayGHWY:Au0c++OCvkGs9FanOtVaCY
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2