snakekeylogger | 8964d755c2f389912c29fc1e6ae88443aa4f8e854ddd9896b85938d51ebe74ae | Triage

Submit
Reports

Overview

overview

Static

static

3

E-Remittance Copy.exe

windows7-x64

E-Remittance Copy.exe

windows10-2004-x64

Sharing

General

Target

8964d755c2f389912c29fc1e6ae88443aa4f8e854ddd9896b85938d51ebe74ae.ace
Size

584KB
Sample

240705-whcahavemb
MD5

f939e4e486b3a8611b8800a2e5178706
SHA1

ea2cdeb96b4e49c8130e2f709e6e1dce9ad4925b
SHA256

8964d755c2f389912c29fc1e6ae88443aa4f8e854ddd9896b85938d51ebe74ae
SHA512

779e4a24879e1b1c8571207da48352a8d62efafd9bd3884b3ea9223f396efeb7f24fc40b30961b9603a44b48e5ff98a3bbff4d09b12801d7b71072ea9b750d7d
SSDEEP

12288:8cbRzjOvobJVwZOE9BS1j73qzxTOoSSYciVoM+dgE1R1Hd01LEKJ:tbRzjOvo4Bgn8FO6RMvET1Hi1LE2

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

E-Remittance Copy.exe

Resource

win7-20240705-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

E-Remittance Copy.exe

Resource

win10v2004-20240508-en

snakekeylogger keylogger stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.innovativeenqg.co.in
Port:
25
Username:
[email protected]
Password:
%OTz$v%9
Email To:
[email protected]

Targets

- Target
  
  E-Remittance Copy.exe
- Size
  
  618KB
- MD5
  
  efa73414038ce709eb64144bf5dbe5b5
- SHA1
  
  a618f242c9c9ed858016bf56d992ffa53f4edbd2
- SHA256
  
  27b0580d503930275e904d52788707326aa3e2f8bd8ef247fe60ba9432767345
- SHA512
  
  7baae60caea6af444bfa9437bb1613fef7faee0fa3f54657fdab3dfc8454c81ab6e73eadbf6f2128261b53b4d1c334cf614183ca38c81e7911e708a6b98f5af2
- SSDEEP
  
  12288:S5WHiX1ngdgIMVJJs9FB/2TQOe0wFxczq83ARQeou1:7i2d0Lgb/2TCz/czpId
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy