snakekeylogger | 42980d8f49b4f76609ea5427691703a697e0e5ef0c93403c1fb4948a47154fa3 | Triage

Submit
Reports

Overview

overview

Static

static

3

68b02fb856...18.exe

windows7-x64

68b02fb856...18.exe

windows10-2004-x64

Sharing

General

Target

68b02fb8569daa4d84134aab2fac2058_JaffaCakes118
Size

664KB
Sample

240401-fv9tjaed9z
MD5

68b02fb8569daa4d84134aab2fac2058
SHA1

de769c21769e3bcc1411b9935098fa8c73a00b03
SHA256

42980d8f49b4f76609ea5427691703a697e0e5ef0c93403c1fb4948a47154fa3
SHA512

df70fe7d1f7a42c8f5e7670e1310bf974c42bd191a66142b38983120497fedbc1e71efa1ec94a53f868b8de704fc611b1f24a591f747ccc36d928884753fcf62
SSDEEP

12288:aEhTXYQf1e9t1WATYvLqWd6al+k3j0h0JNV5NrNNzCpSUm+S7AodhifUkZXuBd3s:vQi7A+YfUkZeBd3X3B+

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

68b02fb8569daa4d84134aab2fac2058_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

68b02fb8569daa4d84134aab2fac2058_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
efinancet.shop
Port:
587
Username:
[email protected]
Password:
Pu;wC&nm^2+H
Email To:
[email protected]

Targets

- Target
  
  68b02fb8569daa4d84134aab2fac2058_JaffaCakes118
- Size
  
  664KB
- MD5
  
  68b02fb8569daa4d84134aab2fac2058
- SHA1
  
  de769c21769e3bcc1411b9935098fa8c73a00b03
- SHA256
  
  42980d8f49b4f76609ea5427691703a697e0e5ef0c93403c1fb4948a47154fa3
- SHA512
  
  df70fe7d1f7a42c8f5e7670e1310bf974c42bd191a66142b38983120497fedbc1e71efa1ec94a53f868b8de704fc611b1f24a591f747ccc36d928884753fcf62
- SSDEEP
  
  12288:aEhTXYQf1e9t1WATYvLqWd6al+k3j0h0JNV5NrNNzCpSUm+S7AodhifUkZXuBd3s:vQi7A+YfUkZeBd3X3B+
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy