snakekeylogger | 63720cee53de8a33b4f221bbb0950e09d8eb5652beda60f99ed98165ebc447e2 | Triage

Submit
Reports

Overview

overview

Static

static

3

CTM BREAKDOWN.zip

windows7-x64

1

CTM BREAKDOWN.zip

windows10-2004-x64

1

CTM BREAKDOWN.exe

windows7-x64

CTM BREAKDOWN.exe

windows10-2004-x64

Sharing

General

Target

CTM BREAKDOWN.zip
Size

307KB
Sample

240627-vmaf2atbln
MD5

cbd42607e0f9ee22a8b54e9cd4ed0c98
SHA1

1ed157bfc9bcb0aa7e6dae20045deb5f3275ab5b
SHA256

63720cee53de8a33b4f221bbb0950e09d8eb5652beda60f99ed98165ebc447e2
SHA512

2d29057e98ccc9c84ebd47c8de2a051c0aab2171452d992294865980d21ae6865fc57e4af6b8e2444c8d28f6256e83c35f794e9db4bb154d99c9c1664e3dabfa
SSDEEP

6144:ROJlp2RT7aWOoc5/SulAtfPmv2/2TJ4hs44GS8pgF3Q4md:4bURT7abp5quKtfejT8Xpge

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

CTM BREAKDOWN.zip

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

CTM BREAKDOWN.zip

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

CTM BREAKDOWN.exe

Resource

win7-20240419-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

CTM BREAKDOWN.exe

Resource

win10v2004-20240508-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.valleycountysar.org
Port:
587
Username:
[email protected]
Password:
DKw(r0%wpbd]

C2

http://103.130.147.85

Targets

- Target
  
  CTM BREAKDOWN.zip
- Size
  
  307KB
- MD5
  
  cbd42607e0f9ee22a8b54e9cd4ed0c98
- SHA1
  
  1ed157bfc9bcb0aa7e6dae20045deb5f3275ab5b
- SHA256
  
  63720cee53de8a33b4f221bbb0950e09d8eb5652beda60f99ed98165ebc447e2
- SHA512
  
  2d29057e98ccc9c84ebd47c8de2a051c0aab2171452d992294865980d21ae6865fc57e4af6b8e2444c8d28f6256e83c35f794e9db4bb154d99c9c1664e3dabfa
- SSDEEP
  
  6144:ROJlp2RT7aWOoc5/SulAtfPmv2/2TJ4hs44GS8pgF3Q4md:4bURT7abp5quKtfejT8Xpge
Score

1^/10
behavioral1 behavioral2
- Target
  
  CTM BREAKDOWN.exe
- Size
  
  537KB
- MD5
  
  3e97c23c4c1c6f721c910c08e25a60cc
- SHA1
  
  d92304392377198b3b3cd95aa8de1572d75d7fb8
- SHA256
  
  4e2186d44f67e0ebc4ee9ecd68191b31849604930dd5babe6106e1e191b7874c
- SHA512
  
  6a2007d1a0660bb53f4a191b662241b8242e5e2e3ab6e220735da068cb69a6259465d2f5b5e533bdf3f4b36a7fde5edd75c4962afbb43edd8e39f151e2b3dbb5
- SSDEEP
  
  12288:/sdrEx695u8R6GfeZPrTxegfLiAUR0Jv/v+HLuSn:0drEsTu8kGfeZzTxegfmlUv/CLB
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

snakekeyloggerkeyloggerstealer

behavioral4

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy