snakekeylogger | fa7aa21342194a1f41eb7a85c3f9f622b73820ba9695a528911e620caaf915df

General

Target

PO250226 (VIETNAM) Regular_1.zip
Size

566KB
Sample

250321-l1q69szp15
MD5

99930a1ef9e7f07c2e39460aa10b35b6
SHA1

c9276e75cb3e9d61cc493ae045910fa5b6edc2b3
SHA256

fa7aa21342194a1f41eb7a85c3f9f622b73820ba9695a528911e620caaf915df
SHA512

07eac13bb2fe9582d153f5d151072f045dfff046d614db6e9d5f32dc673b92b28395cd8345bbe2bb7912a604b744facfad09b12f59d50caf558471c0240d8b7c
SSDEEP

12288:kzBhZs0pLaRb/o4MMxBCA63+HvzLRpjolQ1:kz3C0pSGWBCtGbV5SG

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7622409620:AAGYObz0BTtGB6EjTnYqQW3bW6b_vAkdZK4/sendMessage?chat_id=7000018009

Targets

- Target
  
  PO250226 (VIETNAM) Regular.exe
- Size
  
  983KB
- MD5
  
  6249cd12ccdda8ed2f251879c751c6c8
- SHA1
  
  825dc5e7289f101a172ed4926ac80e766b6ec53f
- SHA256
  
  a606e580983fdd746d8a8f9a4007ecc5b209565356ad3341b7d4cf0793cd4df8
- SHA512
  
  43f4c439dcc29f55d43a6c15313d65eb4908d52a60ddd13d18a78eb96fb8ab8ce1f88d8b2b1ce765f069d7105f5f700bcc2682c2404f68db88f3cc51594a3b2e
- SSDEEP
  
  24576:Ou6J33O0c+JY5UZ+XC0kGso6FanOtVayGHWY:Au0c++OCvkGs9FanOtVaCY
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2