snakekeylogger | 8843ceeb159a1fc6e7ef780368209b4a0310aee46b62d6f826f7dbac8d04b3c8 | Triage

Submit
Reports

Overview

overview

Static

static

3

new order.exe

windows7-x64

new order.exe

windows10-2004-x64

Sharing

General

Target

01072024_1026_30062024_new order.zip
Size

483KB
Sample

240701-mgyyfawdlf
MD5

cb98caf77175fa8504e87e10b81498d4
SHA1

2df6c4cd9d86ca00b9d933e37486dc223dea1f93
SHA256

8843ceeb159a1fc6e7ef780368209b4a0310aee46b62d6f826f7dbac8d04b3c8
SHA512

094573eab84692dd245aa33da4a2f94021b2d5e8d21785b2dbc8ae64e5f4af7e738fb1442000ebca82fbe31720d8a78895d3218a034f7192d2b31913f9c0de38
SSDEEP

12288:d6D0J10bWcr+uDCVH0S7GXgEx8peFbMUakYf:dG0J1rcWH0lJxJtHi

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

new order.exe

Resource

win7-20240508-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

new order.exe

Resource

win10v2004-20240508-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
26
Username:
[email protected]
Password:
fY,FLoadtsiF

Targets

- Target
  
  new order.exe
- Size
  
  1.8MB
- MD5
  
  0c5a964f9cbf2fec077302e6baa7316f
- SHA1
  
  d0593ff771d4cf489903b807aa93f29f5a51f0b5
- SHA256
  
  dd93e71cdd590d9c74d24a1b822948e7501b7a38df590d4d52ddf3e862a0cb2d
- SHA512
  
  4947d5c0632be00af4ae33700eb85a82daea3f2e1a373b8e454a7103a6959e7f31b973c135ae498b3c70da1c12cdf3482bf43ad3abf92ce7af3f3a54d47a6817
- SSDEEP
  
  12288:g6R0Jt0zWWrUufKjFokZGX+KxITevb8OaAN:gi0Jt9W6FovBx3DV
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy