snakekeylogger | 82a691d0d2c89557642dc0fc22bc2edd02461c64f2b21fd225f2993d4350b375 | Triage

Submit
Reports

Overview

overview

Static

static

5

82a691d0d2...75.exe

windows7-x64

82a691d0d2...75.exe

windows10-2004-x64

Sharing

General

Target

82a691d0d2c89557642dc0fc22bc2edd02461c64f2b21fd225f2993d4350b375.exe
Size

1015KB
Sample

240703-pffrkstdrc
MD5

9b36f1a92adf3c03c596bdda4e8ba903
SHA1

a0bc8f5b57813ad72b2d95c87ce42b1abd0a4f41
SHA256

82a691d0d2c89557642dc0fc22bc2edd02461c64f2b21fd225f2993d4350b375
SHA512

3351c0da097559464081be12a9e44892374b914e62e07f987b514d499d8e03a80b4c509d9d26e34051ffc2bf0917dc0a635f0864182cd7b8a6ccf247bec43f92
SSDEEP

24576:3qDEvCTbMWu7rQYlBQcBiT6rprG8aL5DLN:3TvC/MTQYxsWR7aL5P

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

82a691d0d2c89557642dc0fc22bc2edd02461c64f2b21fd225f2993d4350b375.exe

Resource

win7-20240221-en

snakekeylogger collection keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

82a691d0d2c89557642dc0fc22bc2edd02461c64f2b21fd225f2993d4350b375.exe

Resource

win10v2004-20240611-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.marinasands.gr
Port:
587
Username:
[email protected]
Password:
;lHJ#%M!iBh-
Email To:
[email protected]

C2

https://scratchdreams.tk

Targets

- Target
  
  82a691d0d2c89557642dc0fc22bc2edd02461c64f2b21fd225f2993d4350b375.exe
- Size
  
  1015KB
- MD5
  
  9b36f1a92adf3c03c596bdda4e8ba903
- SHA1
  
  a0bc8f5b57813ad72b2d95c87ce42b1abd0a4f41
- SHA256
  
  82a691d0d2c89557642dc0fc22bc2edd02461c64f2b21fd225f2993d4350b375
- SHA512
  
  3351c0da097559464081be12a9e44892374b914e62e07f987b514d499d8e03a80b4c509d9d26e34051ffc2bf0917dc0a635f0864182cd7b8a6ccf247bec43f92
- SSDEEP
  
  24576:3qDEvCTbMWu7rQYlBQcBiT6rprG8aL5DLN:3TvC/MTQYxsWR7aL5P
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy