Deep Analysis of Snake Keylogger’s New Variant

Aug. 30, 2024, 8:36 a.m.

Description

FortiGuard Labs recently caught a phishing campaign delivering a new variant of Snake Keylogger, keylogger malware that steals sensitive data such as saved credentials, keystrokes, and screenshots. The analysis examines the phishing email, the malicious Excel document, and the techniques the malware uses to evade detection and establish persistence on infected systems. It also describes how the malware collects and exfiltrates the stolen data.

Date

Published: Aug. 30, 2024, 8:05 a.m.

Created: Aug. 30, 2024, 8:05 a.m.

Modified: Aug. 30, 2024, 8:36 a.m.

Indicators


Attack Patterns

Snake Keylogger

T1547.003

T1053.007

T1056.002

T1071.004

T1552.001

T1053.005

T1059.001

T1566.002

T1547.001

T1071.001

T1036.005

CVE-2017-0199