snakekeylogger | 4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9 | Triage

Submit
Reports

Overview

overview

Static

static

3

4e415619e7...f9.exe

windows7-x64

4e415619e7...f9.exe

windows10-2004-x64

Sharing

General

Target

4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9.exe
Size

521KB
Sample

240627-bneycsvcpg
MD5

798917173088921d8ba248e941690e11
SHA1

88fd67eaf675f2db3e2ad9143bce6d8d3713835c
SHA256

4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9
SHA512

48947b6e3ab56a83220137b3ec4a5cefaa03474affdc521642bf4a4e1a81da0d43730af54c7c01e2aeb86555ffbb5a95cfe2c1ea58b99e6dc940420e49793116
SSDEEP

6144:cTVFZInd6Xcfg9UYkn08VxTKv6Io8/i2qvv+bGnJ3GUzF+TgtGim/hImg6pod:c5kndm/knzLKvFo8nqv2iJHtUimOtLd

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9.exe

Resource

win7-20240611-en

snakekeylogger collection keylogger spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9.exe

Resource

win10v2004-20240508-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
26
Username:
[email protected]
Password:
i~~Ga+6_-~V*

Targets

- Target
  
  4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9.exe
- Size
  
  521KB
- MD5
  
  798917173088921d8ba248e941690e11
- SHA1
  
  88fd67eaf675f2db3e2ad9143bce6d8d3713835c
- SHA256
  
  4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9
- SHA512
  
  48947b6e3ab56a83220137b3ec4a5cefaa03474affdc521642bf4a4e1a81da0d43730af54c7c01e2aeb86555ffbb5a95cfe2c1ea58b99e6dc940420e49793116
- SSDEEP
  
  6144:cTVFZInd6Xcfg9UYkn08VxTKv6Io8/i2qvv+bGnJ3GUzF+TgtGim/hImg6pod:c5kndm/knzLKvFo8nqv2iJHtUimOtLd
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy