snakekeylogger | 4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892 | Triage

Submit
Reports

Overview

overview

Static

static

3

4cdb8cc083...cs.exe

windows7-x64

4cdb8cc083...cs.exe

windows10-2004-x64

Sharing

General

Target

4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892_NeikiAnalytics.exe
Size

689KB
Sample

240701-m436nsxgkb
MD5

2f89f3acf9e0cda3475a64a577618ef0
SHA1

64e8d2ce1514ab35101d30f6d316fa2266728722
SHA256

4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892
SHA512

fae512a7b4bd514bcd708c871ec5697a1a5f362250d4d377bd03c98592582390ce8e578e2e76dc750c925918fe917de9f165b2457acca73dcdec0e97d4b5e104
SSDEEP

12288:fGp6YuDccm04mfUVXYveOauvtfnB8E7fT3B/oG2hlDLFkzkMKXI:fXYi4m8VrOLtvjfTClDBkzkMKXI

Score

10^/10

snakekeylogger collection execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892_NeikiAnalytics.exe

Resource

win7-20231129-en

snakekeylogger collection execution keylogger stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

snakekeylogger collection execution keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

http://103.130.147.85

Targets

- Target
  
  4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892_NeikiAnalytics.exe
- Size
  
  689KB
- MD5
  
  2f89f3acf9e0cda3475a64a577618ef0
- SHA1
  
  64e8d2ce1514ab35101d30f6d316fa2266728722
- SHA256
  
  4cdb8cc0837ad94a9b5e246bdef5ef13bf423c6c6dc7b111d0966ef68a81b892
- SHA512
  
  fae512a7b4bd514bcd708c871ec5697a1a5f362250d4d377bd03c98592582390ce8e578e2e76dc750c925918fe917de9f165b2457acca73dcdec0e97d4b5e104
- SSDEEP
  
  12288:fGp6YuDccm04mfUVXYveOauvtfnB8E7fT3B/oG2hlDLFkzkMKXI:fXYi4m8VrOLtvjfTClDBkzkMKXI
Score

10^/10

snakekeylogger collection execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionexecutionkeyloggerstealer

behavioral2

snakekeyloggercollectionexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy