snakekeylogger | a160642ccf07ca3f837ed3070d3790a5bf3eada0efd95a9d4403d23a96a0b6bd | Triage

Submit
Reports

Overview

overview

Static

static

3

1 Tera HD-250Qty.exe

windows7-x64

1 Tera HD-250Qty.exe

windows10-2004-x64

Sharing

General

Target

17a7fadae74b86c509a54052f953e4da.bin
Size

517KB
Sample

240629-cr9sksyera
MD5

17a7fadae74b86c509a54052f953e4da
SHA1

5b0fdc187fdb5c0f66b81fc1aafca66965c8ce6b
SHA256

a160642ccf07ca3f837ed3070d3790a5bf3eada0efd95a9d4403d23a96a0b6bd
SHA512

e5e93c7f7e8cb6cb4350309acf59432dd2a8b07c4ce542ef5661d6cd776a73b2ac778caf271a1310f1af39ed11e472748d28b041516631bbab6dd02a54b7e249
SSDEEP

12288:Yh3yc6NUIiPzMe0KbVlYwaC0rJ00T/knMrpBhw6:YNyxiPfJKwaC0rq0jAMr/+6

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1 Tera HD-250Qty.exe

Resource

win7-20240221-en

snakekeylogger collection keylogger spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1 Tera HD-250Qty.exe

Resource

win10v2004-20240611-en

snakekeylogger collection keylogger spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.cleo2solutions.com.au
Port:
587
Username:
[email protected]
Password:
Enter@123

Targets

- Target
  
  1 Tera HD-250Qty.exe
- Size
  
  1.3MB
- MD5
  
  8f602b38b79c7c0d429531f91b563df8
- SHA1
  
  cac3f98aa44c6a78e441e06e86e20d2ed1fcba14
- SHA256
  
  1a3ce7daf20ceb145a8b1045043e4368a6ac1b1ef13f71898faf5855be16948f
- SHA512
  
  ce21dabe8dfd066b307a69174d2c2cfa8c13d4035176e13247c057ede89cb7bf8e88a71edc22fb651462d513bfcf0e83033fa4101cbaa581bccf6e1fb201380f
- SSDEEP
  
  12288:OfvNA7CasVXrfc6edGlc3r7O6x+GR6HZmlk4GcPy9h6JHIxfNj2lQXKp07:uRakf7lczxF2ZmltPi6JHIxF
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerspywarestealer

behavioral2

snakekeyloggercollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy