snakekeylogger | e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120 | Triage

Submit
Reports

Overview

overview

Static

static

3

e1c4089327...20.exe

windows7-x64

e1c4089327...20.exe

windows10-2004-x64

Sharing

General

Target

e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120.exe
Size

687KB
Sample

240625-ccvp4sxgrm
MD5

17dbe32cf7729484300fe788aba6988e
SHA1

2d1ea99bcc2fb89fae2e7fadfd5110e6bf018ad5
SHA256

e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120
SHA512

fe222afbfa6139dbec6fddf7cb27f6dc0ac23ba58d7153db6172d816bf0d45137017277bd875983cf6ed72d8d841c09a2eb64b7143da0a0b7910d64944476a46
SSDEEP

12288:rmIOdB2g4wmof2NP4T/k4GfX7CtyURiaWVpX1rBhEWIXsnQTN7heJ8Vxfv6j:eFmps/OX7CtbB0l9hzIXFTJhPxHO

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120.exe

Resource

win7-20231129-en

snakekeylogger collection keylogger stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120.exe

Resource

win10v2004-20240226-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

http://103.130.147.85

Targets

- Target
  
  e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120.exe
- Size
  
  687KB
- MD5
  
  17dbe32cf7729484300fe788aba6988e
- SHA1
  
  2d1ea99bcc2fb89fae2e7fadfd5110e6bf018ad5
- SHA256
  
  e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120
- SHA512
  
  fe222afbfa6139dbec6fddf7cb27f6dc0ac23ba58d7153db6172d816bf0d45137017277bd875983cf6ed72d8d841c09a2eb64b7143da0a0b7910d64944476a46
- SSDEEP
  
  12288:rmIOdB2g4wmof2NP4T/k4GfX7CtyURiaWVpX1rBhEWIXsnQTN7heJ8Vxfv6j:eFmps/OX7CtbB0l9hzIXFTJhPxHO
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables packed with SmartAssembly
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables with potential process hoocking
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy