snakekeylogger | ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680 | Triage

Submit
Reports

Overview

overview

Static

static

3

ce8d8f5b27...80.exe

windows7-x64

ce8d8f5b27...80.exe

windows10-2004-x64

Sharing

General

Target

ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680.exe
Size

213KB
Sample

240702-chldmawcmn
MD5

27af175b8006ce6c2376748b21748412
SHA1

ec6b0f34dbe9294a82dcc379b3de2b744f5d65ea
SHA256

ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680
SHA512

fa9692944fadd680c07bcfb6627f561f809e97142b41d98605c2d4034abf576ec87becd47eb4ad385d7c6d180a5d6264fe979446f4c152e4eb1fedd6e6fd69d4
SSDEEP

3072:lhgaMehpuSXYIdP/1pnVLjIvwHyV9YOsUw2hIE3JoN8EheTgc33FgO:FBLrXzn1pnV/gse9yvbE5ovh3

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680.exe

Resource

win7-20240419-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
26
Username:
[email protected]
Password:
iU0Ta!$K8L51
Email To:
[email protected]

Targets

- Target
  
  ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680.exe
- Size
  
  213KB
- MD5
  
  27af175b8006ce6c2376748b21748412
- SHA1
  
  ec6b0f34dbe9294a82dcc379b3de2b744f5d65ea
- SHA256
  
  ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680
- SHA512
  
  fa9692944fadd680c07bcfb6627f561f809e97142b41d98605c2d4034abf576ec87becd47eb4ad385d7c6d180a5d6264fe979446f4c152e4eb1fedd6e6fd69d4
- SSDEEP
  
  3072:lhgaMehpuSXYIdP/1pnVLjIvwHyV9YOsUw2hIE3JoN8EheTgc33FgO:FBLrXzn1pnV/gse9yvbE5ovh3
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy