snakekeylogger | f406a0fd055028ed41cfbc96b9bffb575e14272b26cb5091c7a16f35d15c821b

General

Target

PO#7889296.exe
Size

978KB
Sample

250327-ylhmssyry9
MD5

1312de280df9f1a993e4c3d93764010b
SHA1

8021cc971121660193bf049ad4e20db1421b73f2
SHA256

f406a0fd055028ed41cfbc96b9bffb575e14272b26cb5091c7a16f35d15c821b
SHA512

3e3830e22b1d34beef07557ce859bbeda607e12a5c334749f12428f6a894e4f3a124b6a63b720c72baa5bb21f486b937657fed6f5e2d0d59e5922f7dbc279871
SSDEEP

24576:8u6J33O0c+JY5UZ+XC0kGso6FaVMn6ULbyZvNWY:mu0c++OCvkGs9FaVMnLbyZAY

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7939905545:AAGZ8bMeWRWU5UEZdgj90fd6BDk9K4EMabA/sendMessage?chat_id=7000018009

Targets

- Target
  
  PO#7889296.exe
- Size
  
  978KB
- MD5
  
  1312de280df9f1a993e4c3d93764010b
- SHA1
  
  8021cc971121660193bf049ad4e20db1421b73f2
- SHA256
  
  f406a0fd055028ed41cfbc96b9bffb575e14272b26cb5091c7a16f35d15c821b
- SHA512
  
  3e3830e22b1d34beef07557ce859bbeda607e12a5c334749f12428f6a894e4f3a124b6a63b720c72baa5bb21f486b937657fed6f5e2d0d59e5922f7dbc279871
- SSDEEP
  
  24576:8u6J33O0c+JY5UZ+XC0kGso6FaVMn6ULbyZvNWY:mu0c++OCvkGs9FaVMnLbyZAY
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2