snakekeylogger | 359aca28cbb86b8055202dd1fe9cc037e16d8863f979e0dd92f2e74056f467f1 | Triage

Submit
Reports

Overview

overview

Static

static

3

2fbd15a6d2...18.exe

windows7-x64

2fbd15a6d2...18.exe

windows10-2004-x64

Sharing

General

Target

2fbd15a6d2007c2c438c181e952ef389_JaffaCakes118
Size

329KB
Sample

240330-baeensdc8y
MD5

2fbd15a6d2007c2c438c181e952ef389
SHA1

fc0f939e922d18a13c67c7957dd84b486472a82e
SHA256

359aca28cbb86b8055202dd1fe9cc037e16d8863f979e0dd92f2e74056f467f1
SHA512

55ca8374cd971cef30cec5ceb2835112c3b6406038f20cd72373ff74919214722a4988dbca9d6e170b1e7e49d13a8ea4208c9bdbebd16901ace5afe0025e5a9c
SSDEEP

3072:XQO8S+DcOgCOgCOgmh2eScGKiFzOT2G+NgdVqeVZflzbPLSKR6nyTUgTjQlO+ZhD:AXBuFpGpdVxZ9vTYnDhOVKOfVyamY

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2fbd15a6d2007c2c438c181e952ef389_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2fbd15a6d2007c2c438c181e952ef389_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
iwRaBVG6
Email To:
[email protected]

C2

https://api.telegram.org/bot2043981125:AAGaa5K6uc5rV5LARENbXhpoD0InPrKgKJI/sendMessage?chat_id=2062013058

Targets

- Target
  
  2fbd15a6d2007c2c438c181e952ef389_JaffaCakes118
- Size
  
  329KB
- MD5
  
  2fbd15a6d2007c2c438c181e952ef389
- SHA1
  
  fc0f939e922d18a13c67c7957dd84b486472a82e
- SHA256
  
  359aca28cbb86b8055202dd1fe9cc037e16d8863f979e0dd92f2e74056f467f1
- SHA512
  
  55ca8374cd971cef30cec5ceb2835112c3b6406038f20cd72373ff74919214722a4988dbca9d6e170b1e7e49d13a8ea4208c9bdbebd16901ace5afe0025e5a9c
- SSDEEP
  
  3072:XQO8S+DcOgCOgCOgmh2eScGKiFzOT2G+NgdVqeVZflzbPLSKR6nyTUgTjQlO+ZhD:AXBuFpGpdVxZ9vTYnDhOVKOfVyamY
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy