snakekeylogger | 7351d0a0d19a6efb2230bfa6f588b85c0d54a221adde9d74009114fae4e6f1a8 | Triage

Submit
Reports

Overview

overview

Static

static

5

CHARLES.exe

windows7-x64

CHARLES.exe

windows10-2004-x64

3

Sharing

General

Target

Wyciag_79_61102025280000080200145136.rar
Size

1.2MB
Sample

240702-lnjawszgpn
MD5

0f60c05a4005d8e9adc2649028b24b7c
SHA1

44de14980a2167b4e3a718e62c20cc4fec38729c
SHA256

7351d0a0d19a6efb2230bfa6f588b85c0d54a221adde9d74009114fae4e6f1a8
SHA512

26e8d72861e46f06d9a132816516c08d37692bbe0452a9fa1aa99f3a4e6c55a5b39de7cabac629c1f611f9fbdf5b665f2ff7f00f1f10df988e3a349a141694fa
SSDEEP

24576:mB0oZJrs+jfrouGIH5xxYk5dkYxdet8NeR2NO9/ogQpUZo/4hD+D:mB3hnjfzH5zYk5Dit8NeR2NpgtZO45+D

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

CHARLES.exe

Resource

win7-20240419-en

snakekeylogger collection keylogger stealer

windows7-x64

14 signatures

300 seconds

Behavioral task

behavioral2

Sample

CHARLES.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

4 signatures

300 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.maskottchenpet.com
Port:
26
Username:
[email protected]
Password:
refaMASK2019*
Email To:
[email protected]

Targets

- Target
  
  CHARLES.exe
- Size
  
  1.7MB
- MD5
  
  bb1b2455f59fa0a25524b7ec9baff097
- SHA1
  
  9fadc578c339425ee59b46b9aae2c1c1472f076c
- SHA256
  
  a649c2453c27bdf09b5b92207e2bc8041bcfec24819ed7879959361096d7200f
- SHA512
  
  f17aa003e42920e7e5897280369d78e9a91a7cf51ff92eadf00565bd52931d20131d909835d585bbd7812e40f7389b5df4a8029c124c8d5d5f3b318fa207cffe
- SSDEEP
  
  49152:NTvC/MTQYxsWR7adX0KD/HqQhPFuWrf1:hjTQYxsWR63iQtFuWrf1
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy