snakekeylogger | 125c3477bf1dd27723c2688187a01190ef845950a246efcd2ef4b8bfd1647570 | Triage

Submit
Reports

Overview

overview

Static

static

3

a1aa961c8b...7d.exe

windows7-x64

a1aa961c8b...7d.exe

windows10-2004-x64

Sharing

General

Target

2dcf1e9b4ca5afa19d7473f108aea256.bin
Size

484KB
Sample

240702-blb4pavcjq
MD5

e2e201ccda5c3b8e31a551429803a7a7
SHA1

929cc2bf76fbdf3e2704acad762ab4aa78110560
SHA256

125c3477bf1dd27723c2688187a01190ef845950a246efcd2ef4b8bfd1647570
SHA512

0789d4ebc8b45a410abf306d270d0245e526cc7f33c4de0f0f3b9a314d82dd0d65982a2b540ca79935886c92be174cc932b3bf87746ee920f89dd1e8c0be725a
SSDEEP

12288:TygHcHu1dBIz/VzSsn4mdtxgpktvMyyOjWBuUStuMVHf/j:+g8Hu10z/gQ9Jt0yyOSx5mz

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a1aa961c8b1eb8e3627dceee8081d62544d84987b623b84addd7b92a35089c7d.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a1aa961c8b1eb8e3627dceee8081d62544d84987b623b84addd7b92a35089c7d.exe

Resource

win10v2004-20240508-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
26
Username:
[email protected]
Password:
fY,FLoadtsiF

Targets

- Target
  
  a1aa961c8b1eb8e3627dceee8081d62544d84987b623b84addd7b92a35089c7d.exe
- Size
  
  1.9MB
- MD5
  
  2dcf1e9b4ca5afa19d7473f108aea256
- SHA1
  
  d2f554d2699fcddf1c2d65cc05739916aa0dae62
- SHA256
  
  a1aa961c8b1eb8e3627dceee8081d62544d84987b623b84addd7b92a35089c7d
- SHA512
  
  be82afc240c397e66742a019af1fe6464100eda77bb5b4bfb6e92856ae51b866554e51b500786902d79737ed1a4e2e02b845b034ec9d2abfd3ff6d9526587cde
- SSDEEP
  
  12288:7EC0huBtyjOQyaZyk3x2PulNQ5EcxhyBIpNOlV3d:AC4u/2x72PV5LxhclV3d
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy