ioc[.]one - OSINT Cyber Threat Intelligence Database

Deep Analysis of Snake Keylogger

Tags

cmtmf-attack-pattern:	Data Encrypted
attack-pattern:	Data Clipboard Data - T1414 Credentials - T1589.001 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Process Hollowing - T1055.012 Scheduled Task - T1053.005 Software - T1592.002 Clipboard Data - T1115 Data Encrypted - T1022 Powershell - T1086 Process Hollowing - T1093 Scheduled Task - T1053

Show in Graph

Common Information

Type	Value
UUID	f23d1540-4369-4a5b-8383-c5164d739157
Fingerprint	8c0161910de2e6f0
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 24, 2022, midnight
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Deep Analysis of Snake Keylogger
Title	Deep Analysis of Snake Keylogger
Detected Hints/Tags/Attributes	64/2/52

Source URLs

	Redirection	Url
Details	Source	https://x-junior.github.io/malware%20analysis/2022/06/24/Snakekeylogger.html#introduction
Details	Source	https://x-junior.github.io/malware%20analysis/2022/06/24/Snakekeylogger.html

URL Provider

Details	Provider	Source level domain
Details	github.io	x-junior.github.io

Attributes

Details	Type	#Events	Value
Details	Domain	73	schemas.microsoft.com
Details	Domain	29	intptr.zero
Details	Domain	2	validators.email
Details	Domain	145	api.telegram.org
Details	File	1	sw3asla2nyvbyhvdaa.js
Details	File	1	jwohtfo.exe
Details	File	1208	powershell.exe
Details	File	1	c:\users\username\appdata\roaming\jwohtfo.exe
Details	File	60	c:\windows\system32\schtasks.exe
Details	File	1	c:\users\username\appdata\local\temp\tmp2bd2.tmp
Details	File	1	c:\\users\\username\\appdata\\roaming\\jwohtfo.exe
Details	File	15	screenshot.png
Details	File	3	foxmail.url
Details	File	25	accounts.xml
Details	File	34	recentservers.xml
Details	File	5	wand.dat
Details	File	1	moazglue.dll
Details	File	71	nss3.dll
Details	File	99	passwords.txt
Details	File	255	user.txt
Details	File	13	dnlib.dot
Details	File	3	bindingflags.pub
Details	File	1	2022_exportlist.pdf
Details	File	1	traceproviderinstancei.exe
Details	File	6	mlang.dll
Details	File	1	lolno.dll
Details	File	2	ivectorview.dll
Details	File	1	96e46e73-3d6c-4438-a642-6355f4e5a32b.dll
Details	File	1	yfggcvyufgtwfyutgfwtvfauyvf.exe
Details	md5	13	9375CFF0413111d3B88A00104B2A6676
Details	md5	1	96fe87fda1c50480609164fdfa7c56e1
Details	md5	22	f34d5f2d4577ed6d9ceec516c1f5a744
Details	md5	1	ab47b292d4d39311539a0b97e6661f4f
Details	md5	5	dae02f32a21e03ce65412f6e56942daa
Details	md5	1	1f0d10c221bfe2cf55c71a36f960a94f
Details	md5	1	9685ca6802fcec12497c9de13e0828f7
Details	md5	1	a90c091abded4a4f763de7537f569167
Details	sha1	1	5265736f7572636546616c6c6261636b4d616e61
Details	sha1	1	548e2ae1da37cf3c58b1dc24b9020be915892412
Details	sha1	1	54cd9efbebe4f41b23e6f24fffac0da8f72d921b
Details	sha1	1	ccbce039ccd22c9adf2a3761dcd5dc2e1cfd9579
Details	sha1	1	07ff707126fe5ef9d81d930d1184c8acbca84447
Details	sha1	1	9394b05c2d518ee5d75fb030f2dca6d15c44bf0a
Details	sha256	1	605929594981dafbab968728e7a47ca70c6175e2b0c2394b1f6793145b338175
Details	sha256	1	fe78017f2153de0c5ca645c4255899ab044502fe5c77d5c04ced635d9fe981d9
Details	sha256	1	c555c0c042e85369b0aec6961a04cb5f33689f9a2d84bbb436793d8eabf9a641
Details	sha256	1	900664051b305fa30b48392b7c3956c172d3b1b4248b0b1ba30a850010d4aeed
Details	sha256	1	653b29296dcc50bfb59898d3ba38748b1c484701079ccc85f45bd2c0e4ecbe3e
Details	Url	19	http://schemas.microsoft.com/windows/2004/02/mit/task
Details	Url	33	https://api.telegram.org/bot
Details	Url	1	https://api.telegram.org/bot5392870078
Details	Windows Registry Key	2	HKCU\software\microsoft\windows\currentversion\run