snakekeylogger | 2cbc13099ee1ba4b8c671bfca525bb2c5c057c2fc13df105dec2852a8b672e50 | Triage

Submit
Reports

Overview

overview

Static

static

5

whiteee.exe

windows7-x64

whiteee.exe

windows10-2004-x64

Sharing

General

Target

whiteee.exe
Size

1.0MB
Sample

240702-hcw6tszhpd
MD5

9a961cdb405219d714347c06a7a6a995
SHA1

2bf6f2e31d453c52685f8ffeaa52056aa727674d
SHA256

2cbc13099ee1ba4b8c671bfca525bb2c5c057c2fc13df105dec2852a8b672e50
SHA512

c016af696bf4b3eb6d27a61afc6760eee7d50624ee198e9d64562564ee6f5243508edf215b5325010ee9a484cbe4d218bc6beb52eefe9a548738022e82fedf3f
SSDEEP

24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8af3BG5kPJ:tTvC/MTQYxsWR7afJ

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

whiteee.exe

Resource

win7-20240508-en

snakekeylogger keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

whiteee.exe

Resource

win10v2004-20240508-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.cash4cars.nz
Port:
26
Username:
[email protected]
Password:
TeZIDzFWyl7%
Email To:
[email protected]

Targets

- Target
  
  whiteee.exe
- Size
  
  1.0MB
- MD5
  
  9a961cdb405219d714347c06a7a6a995
- SHA1
  
  2bf6f2e31d453c52685f8ffeaa52056aa727674d
- SHA256
  
  2cbc13099ee1ba4b8c671bfca525bb2c5c057c2fc13df105dec2852a8b672e50
- SHA512
  
  c016af696bf4b3eb6d27a61afc6760eee7d50624ee198e9d64562564ee6f5243508edf215b5325010ee9a484cbe4d218bc6beb52eefe9a548738022e82fedf3f
- SSDEEP
  
  24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8af3BG5kPJ:tTvC/MTQYxsWR7afJ
Score

10^/10

snakekeylogger keylogger stealer collection
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy