snakekeylogger | e2a955f7b2bc03dde54a2197b69ad8078deec668a19b40abe42d563265a2e597 | Triage

Submit
Reports

Overview

overview

Static

static

3

33e4de4d58...18.exe

windows7-x64

33e4de4d58...18.exe

windows10-2004-x64

Sharing

General

Target

33e4de4d5814252ae336aca5c69c9ff7_JaffaCakes118
Size

537KB
Sample

240330-fbnf7aha6t
MD5

33e4de4d5814252ae336aca5c69c9ff7
SHA1

e9df6feccc66a7d9153f80472f10e4ac98407ee6
SHA256

e2a955f7b2bc03dde54a2197b69ad8078deec668a19b40abe42d563265a2e597
SHA512

73300c48939b0113b6fa75967b74aef7f17fade039588a376098bfcc44ace4b703073bbb46005223553c226c0989edbccd147efdda7253a1581431fee1abe17e
SSDEEP

12288:Kogc8I8Nnhv/ZO7Xc9ffX1dZhz4YBapC3U9+m50:Gncc9ffFdZtQ9v5

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

33e4de4d5814252ae336aca5c69c9ff7_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

33e4de4d5814252ae336aca5c69c9ff7_JaffaCakes118.exe

Resource

win10v2004-20240319-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.sacauto.co.za
Port:
587
Username:
[email protected]
Password:
#R0797967613
Email To:
[email protected]

Targets

- Target
  
  33e4de4d5814252ae336aca5c69c9ff7_JaffaCakes118
- Size
  
  537KB
- MD5
  
  33e4de4d5814252ae336aca5c69c9ff7
- SHA1
  
  e9df6feccc66a7d9153f80472f10e4ac98407ee6
- SHA256
  
  e2a955f7b2bc03dde54a2197b69ad8078deec668a19b40abe42d563265a2e597
- SHA512
  
  73300c48939b0113b6fa75967b74aef7f17fade039588a376098bfcc44ace4b703073bbb46005223553c226c0989edbccd147efdda7253a1581431fee1abe17e
- SSDEEP
  
  12288:Kogc8I8Nnhv/ZO7Xc9ffX1dZhz4YBapC3U9+m50:Gncc9ffFdZtQ9v5
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy