snakekeylogger | 039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154 | Triage

Submit
Reports

Overview

overview

Static

static

039c261036...54.exe

windows7_x64

039c261036...54.exe

windows10-2004_x64

Sharing

General

Target

039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154.exe
Size

470KB
Sample

220425-f2j7fsbde8
MD5

5ca02369b45067fe039314f38b286767
SHA1

b11ff0b977b16863c34dc35126f1d3d13ab5cc4f
SHA256

039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154
SHA512

302c954d724d00309a650661689316fd0898135463882af5ca787cdef4cf9c60e2144dc2f55f80ed6df5e7141730433e1c92ae68eb0f379f1473d050abf0d1a4

Score

10^/10

snakekeylogger collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154.exe

Resource

win7-20220414-en

collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154.exe

Resource

win10v2004-20220414-en

collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: ftp
Host:
ftp://103.147.185.85/
Port:
21
Username:
bvhfgas7
Password:
qwoour55

Extracted

Credentials

Protocol: ftp
Host:
103.147.185.85
Port:
21
Username:
bvhfgas7
Password:
qwoour55

Targets

- Target
  
  039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154.exe
- Size
  
  470KB
- MD5
  
  5ca02369b45067fe039314f38b286767
- SHA1
  
  b11ff0b977b16863c34dc35126f1d3d13ab5cc4f
- SHA256
  
  039c261036b80fd500607279933c43c4f1c78fdba1b54a9edbc8217df49ec154
- SHA512
  
  302c954d724d00309a650661689316fd0898135463882af5ca787cdef4cf9c60e2144dc2f55f80ed6df5e7141730433e1c92ae68eb0f379f1473d050abf0d1a4
Score

10^/10

collection spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionspywarestealer

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy