otx.alienvault.com
13.32.121.87  Public Scan

URL: https://otx.alienvault.com/pulse/6185218842a91bb63bda21dc?scan=1&utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=ot...
Submission: On November 05 via api from US — Scanned from DE


Text Content

FRESH VARIANT OF SNAKE KEYLOGGER MALWARE

   
 * Created 34 minutes ago by AlienVault
 * Public
 * TLP: White

Fortinet’s FortiGuard Labs recently captured a Microsoft Excel sample from the
wild that was used to spread malware. After researching its behaviors, I
recognized it as a fresh variant of the Snake Keylogger malware. Snake Keylogger
is a malware developed using .NET. It first appeared in late 2020 and focused on
stealing sensitive information from a victim’s device, including saved
credentials, the victim’s keystrokes, screenshots of the victim’s screen, and
clipboard data.

Reference:
https://www.fortinet.com/blog/threat-research/deep-dive-into-a-fresh-variant-of-snake-keylogger-malware
Tags:
snake, snake keylogger, keylogger, powershell, Microsoft Excel, Malicious document
Malware Families:
Snake, Snake Keylogger
Att&ck IDs:
T1056 - Input Capture, T1115 - Clipboard Data, T1071 - Application Layer Protocol, T1055 - Process Injection, T1137 - Office Application Startup, T1113 - Screen Capture, T1010 - Application Window Discovery, T1106 - Native API, T1012 - Query Registry, T1547 - Boot or Logon Autostart Execution, T1027 - Obfuscated Files or Information, T1204 - User Execution, T1566 - Phishing

 * Indicators of Compromise (8)
 * Related Pulses (2)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS

URL (2), FileHash-SHA256 (2), FileHash-MD5 (2), FileHash-SHA1 (2)


 * © Copyright 2021 AlienVault, Inc.
   
 * Legal
   
 * Status
   


Login to Initiate Scan
×
 * Sign Up
 * Log In

or
Username
Password
Log in
REMEMBER ME

Recover Your Password | Resend Verification Email