snakekeylogger | d258a4db20dfd6da41fca5215b43e1f27266735b8be794485d412bb0ddb3c80c | Triage

Submit
Reports

Overview

overview

Static

static

3

4a2b206da2...18.exe

windows7-x64

4a2b206da2...18.exe

windows10-2004-x64

Sharing

General

Target

4a2b206da286a5fc10f722daa2ec9712_JaffaCakes118
Size

518KB
Sample

240331-cdzepabg3y
MD5

4a2b206da286a5fc10f722daa2ec9712
SHA1

17eda317cf7ab2733b8b7a35aafdb19d827ba842
SHA256

d258a4db20dfd6da41fca5215b43e1f27266735b8be794485d412bb0ddb3c80c
SHA512

63c4117d9dda94e578e59872b1fe42b8f73445930484e8622963491d1b4a633e9d74dcdbdcca088d5caa692a49b8e59e32982434355c3fef23c3a9944ae2ab4e
SSDEEP

6144:L16MFohvg6e6UqrlRalE9dGK0JBDxuWaHOikU80G2S+0gHvW+OJz921AsOjz:GhvhU29dGBJhxuHF6yL0

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4a2b206da286a5fc10f722daa2ec9712_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4a2b206da286a5fc10f722daa2ec9712_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.alliedhealthga.com
Port:
587
Username:
[email protected]
Password:
Sisterk1
Email To:
[email protected]

Targets

- Target
  
  4a2b206da286a5fc10f722daa2ec9712_JaffaCakes118
- Size
  
  518KB
- MD5
  
  4a2b206da286a5fc10f722daa2ec9712
- SHA1
  
  17eda317cf7ab2733b8b7a35aafdb19d827ba842
- SHA256
  
  d258a4db20dfd6da41fca5215b43e1f27266735b8be794485d412bb0ddb3c80c
- SHA512
  
  63c4117d9dda94e578e59872b1fe42b8f73445930484e8622963491d1b4a633e9d74dcdbdcca088d5caa692a49b8e59e32982434355c3fef23c3a9944ae2ab4e
- SSDEEP
  
  6144:L16MFohvg6e6UqrlRalE9dGK0JBDxuWaHOikU80G2S+0gHvW+OJz921AsOjz:GhvhU29dGBJhxuHF6yL0
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy