snakekeylogger | 98582996057c7dd314303f6119b6d34d03eaab62f53abe5487b64e9d8c9ac5d1

General

Target

PO#P18620782.exe
Size

598KB
Sample

250327-s5e35atzf1
MD5

9e3516338367cb1d76f39f907d912225
SHA1

e64c8000b0d6ba41ef6cbe878f902d742eed658b
SHA256

98582996057c7dd314303f6119b6d34d03eaab62f53abe5487b64e9d8c9ac5d1
SHA512

f7a9d4b43b032c52c3431e8b64e2c16c57f8d1328289329b412f50bbffc5aa824a2059b20ea39601248184668e29df58c305a0c6e7369fba062eaaec586c04e7
SSDEEP

12288:Gd03YyOn6nzxXcq/TbRqr3XhyRxxr91Y+2mD7Fd7I3n5fw/7:xY9n6n7/Whyfn1YG/Fd7I3O/7

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8152393919:AAFcv9D2OhgJkwW5R_jm9t4Pm6asb_5vQdk/sendMessage?chat_id=1437092720

Targets

- Target
  
  PO#P18620782.exe
- Size
  
  598KB
- MD5
  
  9e3516338367cb1d76f39f907d912225
- SHA1
  
  e64c8000b0d6ba41ef6cbe878f902d742eed658b
- SHA256
  
  98582996057c7dd314303f6119b6d34d03eaab62f53abe5487b64e9d8c9ac5d1
- SHA512
  
  f7a9d4b43b032c52c3431e8b64e2c16c57f8d1328289329b412f50bbffc5aa824a2059b20ea39601248184668e29df58c305a0c6e7369fba062eaaec586c04e7
- SSDEEP
  
  12288:Gd03YyOn6nzxXcq/TbRqr3XhyRxxr91Y+2mD7Fd7I3n5fw/7:xY9n6n7/Whyfn1YG/Fd7I3O/7
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2