Deep Analysis of Snake Keylogger’s New Variant
Aug. 30, 2024, 8:36 a.m.
Description
FortiGuard Labs recently caught a phishing campaign delivering a new variant of Snake Keylogger, malware that can steal sensitive data such as saved credentials, keystrokes, and screenshots. The analysis examines the phishing email, the malicious Excel document, and the techniques the malware uses to evade detection and establish persistence on infected systems. It also describes how the malware collects and exfiltrates stolen data.
Date
Published: Aug. 30, 2024, 8:05 a.m.
Created: Aug. 30, 2024, 8:05 a.m.
Modified: Aug. 30, 2024, 8:36 a.m.
Indicators
Attack Patterns
Snake Keylogger
T1547.003
T1053.007
T1056.002
T1071.004
T1552.001
T1053.005
T1059.001
T1566.002
T1547.001
T1071.001
T1036.005
CVE-2017-0199