snakekeylogger | df9ce9ef0fe2c633c368b9859f6f88672b5be6867c52ad54d6b7ab42081893fd | Triage

Submit
Reports

Overview

overview

Static

static

3

83c11e7d4f...18.exe

windows7-x64

83c11e7d4f...18.exe

windows10-2004-x64

Sharing

General

Target

83c11e7d4fcf13515fc5be9938dd75be_JaffaCakes118
Size

641KB
Sample

240402-e6mbyagf51
MD5

83c11e7d4fcf13515fc5be9938dd75be
SHA1

5b1267583abf7803a20aa63bc9739894ee567c31
SHA256

df9ce9ef0fe2c633c368b9859f6f88672b5be6867c52ad54d6b7ab42081893fd
SHA512

6b07e7e369554e6bbe036263ef93fe2019606d8ac68049bc44b03dbcaccc5e4f47975fc59d5d54a9fde6bfced9e51f44340de1c8bc3e92f6cbbf84c99fb5f2b2
SSDEEP

12288:Yezd3qC2zcJ0DrpE5zSHPWEuB+wNaSctMX:YeRahzZpozSHPWEuBWM

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

83c11e7d4fcf13515fc5be9938dd75be_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

83c11e7d4fcf13515fc5be9938dd75be_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
budgetn.shop
Port:
587
Username:
[email protected]
Password:
rSJ9l_d%#+1Z
Email To:
[email protected]

Targets

- Target
  
  83c11e7d4fcf13515fc5be9938dd75be_JaffaCakes118
- Size
  
  641KB
- MD5
  
  83c11e7d4fcf13515fc5be9938dd75be
- SHA1
  
  5b1267583abf7803a20aa63bc9739894ee567c31
- SHA256
  
  df9ce9ef0fe2c633c368b9859f6f88672b5be6867c52ad54d6b7ab42081893fd
- SHA512
  
  6b07e7e369554e6bbe036263ef93fe2019606d8ac68049bc44b03dbcaccc5e4f47975fc59d5d54a9fde6bfced9e51f44340de1c8bc3e92f6cbbf84c99fb5f2b2
- SSDEEP
  
  12288:Yezd3qC2zcJ0DrpE5zSHPWEuB+wNaSctMX:YeRahzZpozSHPWEuBWM
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy