snakekeylogger | a4052a6663acc950f95ea27ecf872887f640b99ede1eabf6cf4fbf495623c9c9 | Triage

Submit
Reports

Overview

overview

Static

static

3

f3c462280f...95.exe

windows7-x64

f3c462280f...95.exe

windows10-2004-x64

Sharing

General

Target

ec3fe16c54946213c717a27606f70243.bin
Size

484KB
Sample

240702-cezrvawbqq
MD5

2941b1d5ed9dcdf79878bdda9409dd39
SHA1

675e88dc2ea5af96919406651c7da7cac2c18f70
SHA256

a4052a6663acc950f95ea27ecf872887f640b99ede1eabf6cf4fbf495623c9c9
SHA512

f77d5849d48dc16e7fdb0400ceb5b7e173fd6095e998ea8b8d278da515b197b67430724210df3c8dd0cdcfcaed10c4091760388a234deab20c480c4a8e210936
SSDEEP

12288:KrNyIqNSIW7+kZbmt1pgUUCNo/mgPyYiGHLRkRqDC:KxyFXAZmt15NoAYlH4Z

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695.exe

Resource

win7-20240611-en

snakekeylogger keylogger stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695.exe

Resource

win10v2004-20240508-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
26
Username:
[email protected]
Password:
fY,FLoadtsiF

Targets

- Target
  
  f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695.exe
- Size
  
  1.5MB
- MD5
  
  ec3fe16c54946213c717a27606f70243
- SHA1
  
  d11efe4e0f949ff6b14929cd30ae146c1b4a11c9
- SHA256
  
  f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695
- SHA512
  
  66125f727ec27d3e1da5c87953e46e928b000d564c784b919ba0b558efe4aa080a2f310e729f03b113ab02bc5aea390bb60a6829d3d586fab414b430d40eab04
- SSDEEP
  
  12288:1hNsCbYGek5/68cYvmjZxVcsK3SCv6vcuqVuMDCqg0h+:14CF/6V1xNK3SnUrRh+
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy