snakekeylogger | fe68d5e9330b1320caa01293c6abdc783d553571f3f0b9cc2a43685cc1f2f66b | Triage

Submit
Reports

Overview

overview

Static

static

3

132a2ba14a...18.exe

windows7-x64

132a2ba14a...18.exe

windows10-2004-x64

Sharing

General

Target

132a2ba14ac1a95289b2aca07fd927d3_JaffaCakes118
Size

453KB
Sample

240328-3yjg3sca41
MD5

132a2ba14ac1a95289b2aca07fd927d3
SHA1

2f9f746afe1a54cd64e82b377bb6fd709f0ca399
SHA256

fe68d5e9330b1320caa01293c6abdc783d553571f3f0b9cc2a43685cc1f2f66b
SHA512

10e283c94ae4d24064b6308c5e18faff8cef251a335eaa0e915da33ca4bb535f189dff9aff57cf7b9be8250868ad54e3545d0dd3ca03904bfb7d8cd7747435f9
SSDEEP

6144:MmOkxN9livc2Oe82GIAM97jqpoYiAlO6DpCYVHed8nJ5ybxzKbBEtn47GTpsD8XE:O9qskO61Hm8nfIJEa/TpsIXNVKaXSB

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

132a2ba14ac1a95289b2aca07fd927d3_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

132a2ba14ac1a95289b2aca07fd927d3_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.faks-allied-health.com
Port:
587
Username:
info@faks-allied-health.com
Password:
$Faks1234
Email To:
wealthmyson@yandex.com

Targets

- Target
  
  132a2ba14ac1a95289b2aca07fd927d3_JaffaCakes118
- Size
  
  453KB
- MD5
  
  132a2ba14ac1a95289b2aca07fd927d3
- SHA1
  
  2f9f746afe1a54cd64e82b377bb6fd709f0ca399
- SHA256
  
  fe68d5e9330b1320caa01293c6abdc783d553571f3f0b9cc2a43685cc1f2f66b
- SHA512
  
  10e283c94ae4d24064b6308c5e18faff8cef251a335eaa0e915da33ca4bb535f189dff9aff57cf7b9be8250868ad54e3545d0dd3ca03904bfb7d8cd7747435f9
- SSDEEP
  
  6144:MmOkxN9livc2Oe82GIAM97jqpoYiAlO6DpCYVHed8nJ5ybxzKbBEtn47GTpsD8XE:O9qskO61Hm8nfIJEa/TpsIXNVKaXSB
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy