Overview

overview

10

Static

static

3

f851675d47...ed.exe

windows7-x64

10

f851675d47...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f851675d47d9ecf70c7b9872c641af5ee4d0aada66d8b9f78e12378f3e0dbced.exe

  • Size

    574KB

  • Sample

    250327-x28cqaw1es

  • MD5

    bdef8628e224984ef3f6bb1882fcabc8

  • SHA1

    9fea48acc2ac5841e28917d5e867e1efde5a43da

  • SHA256

    f851675d47d9ecf70c7b9872c641af5ee4d0aada66d8b9f78e12378f3e0dbced

  • SHA512

    5f26f7f3df2dfc6d152a697b36f15194e4cccc93c0ca20735407f8baffbaf65cb6a01ffcf8e154aad75ce9d1416c3afaf79bf578527243f4afa8841728e1ff77

  • SSDEEP

    12288:xUjvOn6nzx9gVGNXD0FPnwoBloHlSZ5e4b8ZPBvwQEc23d3H8/x:6j2n6nXwGZkw1g8lJEc23d3c/x

Score
10/10
snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8140229817:AAFB_rWXLBYpG5y8YuqCM4jrhtrPOymstao/sendMessage?chat_id=7730844083

Targets

    • Target

      f851675d47d9ecf70c7b9872c641af5ee4d0aada66d8b9f78e12378f3e0dbced.exe

    • Size

      574KB

    • MD5

      bdef8628e224984ef3f6bb1882fcabc8

    • SHA1

      9fea48acc2ac5841e28917d5e867e1efde5a43da

    • SHA256

      f851675d47d9ecf70c7b9872c641af5ee4d0aada66d8b9f78e12378f3e0dbced

    • SHA512

      5f26f7f3df2dfc6d152a697b36f15194e4cccc93c0ca20735407f8baffbaf65cb6a01ffcf8e154aad75ce9d1416c3afaf79bf578527243f4afa8841728e1ff77

    • SSDEEP

      12288:xUjvOn6nzx9gVGNXD0FPnwoBloHlSZ5e4b8ZPBvwQEc23d3H8/x:6j2n6nXwGZkw1g8lJEc23d3c/x

    Score
    10/10
    snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Snakekeylogger family

      snakekeylogger

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.