snakekeylogger | a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947 | Triage

Submit
Reports

Overview

overview

Static

static

5

a5fd388144...47.exe

windows7-x64

a5fd388144...47.exe

windows10-2004-x64

7

Sharing

General

Target

a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947.exe
Size

1.1MB
Sample

240625-b4m9nsxbrm
MD5

b4c98a79ece4709578cb71687dd964ef
SHA1

eb46ffca99c82668f5dae7f3097d103d8254bf2c
SHA256

a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947
SHA512

e5f19a3acb38789f429d0dcce061498aa5c3083c5da56aa9a27e1951b23f892366f404658a5e84ffcd517cd42fa67adc86ab46236d3bcf925f85499c5d99f31c
SSDEEP

24576:gAHnh+eWsN3skA4RV1Hom2KXMmHa3xpvrd1TpY2zntv7UrIGwOn5:Xh+ZkldoPK8Ya3xhTLzntvgrIg

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947.exe

Resource

win7-20240220-en

snakekeylogger collection keylogger stealer

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947.exe
- Size
  
  1.1MB
- MD5
  
  b4c98a79ece4709578cb71687dd964ef
- SHA1
  
  eb46ffca99c82668f5dae7f3097d103d8254bf2c
- SHA256
  
  a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947
- SHA512
  
  e5f19a3acb38789f429d0dcce061498aa5c3083c5da56aa9a27e1951b23f892366f404658a5e84ffcd517cd42fa67adc86ab46236d3bcf925f85499c5d99f31c
- SSDEEP
  
  24576:gAHnh+eWsN3skA4RV1Hom2KXMmHa3xpvrd1TpY2zntv7UrIGwOn5:Xh+ZkldoPK8Ya3xhTLzntvgrIg
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables with potential process hoocking
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy