snakekeylogger | 6aa3f6881dc4470bc2cd9488d3cbf752793cc27e390fb4f4071da5b2fb4e4d33 | Triage

Submit
Reports

Overview

overview

Static

static

3

NYMPH THET...2B.zip

windows7-x64

1

NYMPH THET...2B.zip

windows10-2004-x64

1

NYMPH THET...2B.exe

windows7-x64

NYMPH THET...2B.exe

windows10-2004-x64

Sharing

General

Target

NYMPH THETIS V2402B.zip
Size

306KB
Sample

240627-vhak8s1bkc
MD5

6d2d2598e209a04ea8a9507946e8bfb3
SHA1

1c3b34e113a1399302a7add29fc1f4cba4c1c272
SHA256

6aa3f6881dc4470bc2cd9488d3cbf752793cc27e390fb4f4071da5b2fb4e4d33
SHA512

967605e11abd6e616331006c74a0959aab840e1686b952db4cec500a2ad295f362ef88b0dbd341f8e8e18caf183e1da55f98f51fb9d85f2cc6a073fdff161a43
SSDEEP

6144:tOV/iM7NRweN/gI5af0Q25gLVD7Yfi56/G97ye7xWicWlMzgGaBtFNUxTgb:MV/iMNRDN/75afQ52QrRFicVMnBzp

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NYMPH THETIS V2402B.zip

Resource

win7-20240611-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

NYMPH THETIS V2402B.zip

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

NYMPH THETIS V2402B.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

NYMPH THETIS V2402B.exe

Resource

win10v2004-20240611-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.valleycountysar.org
Port:
587
Username:
[email protected]
Password:
DKw(r0%wpbd]

C2

http://103.130.147.85

Targets

- Target
  
  NYMPH THETIS V2402B.zip
- Size
  
  306KB
- MD5
  
  6d2d2598e209a04ea8a9507946e8bfb3
- SHA1
  
  1c3b34e113a1399302a7add29fc1f4cba4c1c272
- SHA256
  
  6aa3f6881dc4470bc2cd9488d3cbf752793cc27e390fb4f4071da5b2fb4e4d33
- SHA512
  
  967605e11abd6e616331006c74a0959aab840e1686b952db4cec500a2ad295f362ef88b0dbd341f8e8e18caf183e1da55f98f51fb9d85f2cc6a073fdff161a43
- SSDEEP
  
  6144:tOV/iM7NRweN/gI5af0Q25gLVD7Yfi56/G97ye7xWicWlMzgGaBtFNUxTgb:MV/iMNRDN/75afQ52QrRFicVMnBzp
Score

1^/10
behavioral1 behavioral2
- Target
  
  NYMPH THETIS V2402B.exe
- Size
  
  537KB
- MD5
  
  2bb3a0278b348e2111eb424e5d554081
- SHA1
  
  c5e880229775d114cc5d4560f41360d999e7461a
- SHA256
  
  1da9c25bf39cdfdf6d448c0f4823db54848fc65e1ef41656900479f83013aa54
- SHA512
  
  b94412e774b3cb0fb78cc7e0abaf2645f9077635b9d7fb730c6942918c02624911db35ba55ccabcec079bbc9d15ee33997a28c7b01dc9350000971a924a3798a
- SSDEEP
  
  12288:/JREc4DmRRAEQbw5Is89pOpRiWsLJv/v+SLuSn:T/bYU5DCpOp8zFv/XLB
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

snakekeyloggerkeyloggerstealer

behavioral4

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy