Deep Analysis of Snake Keylogger’s New Variant

Aug. 30, 2024, 8:36 a.m.

Description

FortiGuard Labs recently caught a phishing campaign delivering a new variant of Snake Keylogger, keylogger malware that steals sensitive data such as saved credentials, keystrokes, and screenshots. The analysis examines the phishing email, the malicious Excel document, and the techniques the malware uses to evade detection and establish persistence on infected systems. It also describes how the malware collects and exfiltrates the stolen data.

Date

  • Created: Aug. 30, 2024, 8:05 a.m.
  • Published: Aug. 30, 2024, 8:05 a.m.
  • Modified: Aug. 30, 2024, 8:36 a.m.

Indicators

  • 6f6a660ce89f6ea5bbe532921ddc4aa17bcd3f2524aa2461d4be265c9e7328b9
  • 484e5a871ad69d6b214a31a3b7f8cfced71ba7a07e62205a90515f350cc0f723
  • 207dd751868995754f8c1223c08f28633b47629f78faaf70a3b931459ee60714
  • 8406a1d7a33b3549dd44f551e5a68392f85b5ef9cf8f9f3db68bd7e02d1eaba7
  • 192.3.176.138
  • http://192.3.176.138/xampp/zoom/107.hta
  • http://192.3.176.138/107/sahost.exe
  • http://urlty.co/byPCO

Attack Patterns

  • Snake Keylogger
  • T1547.003
  • T1053.007
  • T1056.002
  • T1071.004
  • T1552.001
  • T1053.005
  • T1059.001
  • T1566.002
  • T1547.001
  • T1071.001
  • T1036.005

Linked vulnerabilities