General

  • Target

    571be9f4c3146cd7e82dfac9788c56aa9fa765a9e492b1157e409dcd4c969036

  • Size

    527KB

  • Sample

    250327-h6tykayvex

  • MD5

    a21b5e0e55f8659d96a1abdb9741647e

  • SHA1

    34c740d1b8da0a614931222cfb086bcb00101fd4

  • SHA256

    571be9f4c3146cd7e82dfac9788c56aa9fa765a9e492b1157e409dcd4c969036

  • SHA512

    497b4f608fc38944c7bf153914b780a809a2b266fb82aff2694127b175738c5fe0c8601b27935ac3b10804d4693754835c94590b9dee56c6831cffecee9f9f4f

  • SSDEEP

    12288:LBHIKSX/GR+GTI3Y6JYu48FGu67gks4u9QgKceCPXJ:LmKSPGRjI5J+M67IG1ce2J

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7771414253:AAEI6ViUbLcxoGeVLOmbEoP7NXWSkDDW9Fo/sendMessage?chat_id=1695799026

Targets

    • Target

      G1634-385760. approved.exe

    • Size

      640KB

    • MD5

      6ad52612b645fa22eab78384cb1a7b34

    • SHA1

      dd56aa5b46aa1354a4a54288cd24fc8762f6b8f0

    • SHA256

      77c9fddfb4cd4c0281bf1073491173b12e53886446aaf899ed2fe0d8fca451ab

    • SHA512

      064005780b67682234e5285d611949dcb5a13a58afee20945d3112a23a653afe316bc9ad602a48d732958c3d9c54f7be3ce7d0c7329b752789c4c1bd3e0168f4

    • SSDEEP

      12288:O3h9fTem2mOxSLoI0nGc+u48FG9UHWs4u7QLvnbmjRDe:Qh9ft23koI6YM4UToLvbm

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar artifacts.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
