snakekeylogger | 530ea48914b6c7e82e89532dd28463db5da66c80fbc0ad25b9e46471b1639260 | Triage

Submit
Reports

Overview

overview

Static

static

3

Baltic que...re.exe

windows7-x64

Baltic que...re.exe

windows10-2004-x64

Sharing

General

Target

Baltic questionnaire.exe
Size

537KB
Sample

240622-wsxn7axhmg
MD5

e0fc3fbaa9aee9e5d558b4d7ce1cec7f
SHA1

00656363e411748463937f255acb9daf174b80ed
SHA256

530ea48914b6c7e82e89532dd28463db5da66c80fbc0ad25b9e46471b1639260
SHA512

b8577b9a2b8a0ba66df7b6b772e9e109bea86448b7e58d50e46888bceea2475988cab0d3c40ad7a1d1a29dae29f9fc8baa9ae836828e800ef8055d97ffa61e26
SSDEEP

12288:/tu+ptgQ+8bw8e4FZp+nOo5PNkDsgKJv/v+PLuSn:/p2Q+Oe4FZkRv/6LB

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Baltic questionnaire.exe

Resource

win7-20240220-en

snakekeylogger collection keylogger spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Baltic questionnaire.exe

Resource

win10v2004-20240611-en

snakekeylogger collection keylogger spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
26
Username:
[email protected]
Password:
fY,FLoadtsiF

C2

http://103.130.147.85

Targets

- Target
  
  Baltic questionnaire.exe
- Size
  
  537KB
- MD5
  
  e0fc3fbaa9aee9e5d558b4d7ce1cec7f
- SHA1
  
  00656363e411748463937f255acb9daf174b80ed
- SHA256
  
  530ea48914b6c7e82e89532dd28463db5da66c80fbc0ad25b9e46471b1639260
- SHA512
  
  b8577b9a2b8a0ba66df7b6b772e9e109bea86448b7e58d50e46888bceea2475988cab0d3c40ad7a1d1a29dae29f9fc8baa9ae836828e800ef8055d97ffa61e26
- SSDEEP
  
  12288:/tu+ptgQ+8bw8e4FZp+nOo5PNkDsgKJv/v+PLuSn:/p2Q+Oe4FZkRv/6LB
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerspywarestealer

behavioral2

snakekeyloggercollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy