snakekeylogger | 499619c6bc43585013dd421ef88cf14830c85a28bc3ce3984bcf62a24f6d59fc | Triage

Submit
Reports

Overview

overview

Static

static

3

ad76b9dfa5...18.exe

windows7-x64

ad76b9dfa5...18.exe

windows10-2004-x64

7

$PLUGINSDI...pj.dll

windows7-x64

$PLUGINSDI...pj.dll

windows10-2004-x64

1

Sharing

General

Target

ad76b9dfa5917952e3168986e670f683_JaffaCakes118
Size

489KB
Sample

240404-c81k8sda84
MD5

ad76b9dfa5917952e3168986e670f683
SHA1

ddc0497585e60aa3bb95453be1ac1e82425d9b38
SHA256

499619c6bc43585013dd421ef88cf14830c85a28bc3ce3984bcf62a24f6d59fc
SHA512

a95f9e024c6c0ff7f969ad4bde9d6fd6b6861141d94ca3aee242c6dca35b7591545e49bcfed93e691293cdb4db1553b7a096865c10bdbdf3891844c5c816dca4
SSDEEP

6144:88LxBVFEg4x6f+WmGOYJ12CKRP+IWZRL0gZCPPnTr1TSvKsa5bcwJ:JFEg4xB+Id+/7LwnT7Xbc+

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ad76b9dfa5917952e3168986e670f683_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ad76b9dfa5917952e3168986e670f683_JaffaCakes118.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/fwvyvpj.dll

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/fwvyvpj.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  ad76b9dfa5917952e3168986e670f683_JaffaCakes118
- Size
  
  489KB
- MD5
  
  ad76b9dfa5917952e3168986e670f683
- SHA1
  
  ddc0497585e60aa3bb95453be1ac1e82425d9b38
- SHA256
  
  499619c6bc43585013dd421ef88cf14830c85a28bc3ce3984bcf62a24f6d59fc
- SHA512
  
  a95f9e024c6c0ff7f969ad4bde9d6fd6b6861141d94ca3aee242c6dca35b7591545e49bcfed93e691293cdb4db1553b7a096865c10bdbdf3891844c5c816dca4
- SSDEEP
  
  6144:88LxBVFEg4x6f+WmGOYJ12CKRP+IWZRL0gZCPPnTr1TSvKsa5bcwJ:JFEg4xB+Id+/7LwnT7Xbc+
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/fwvyvpj.dll
- Size
  
  30KB
- MD5
  
  7f78792ff322a3cf595eb8e9417ec39c
- SHA1
  
  93332d47608cc064ffdb1576c67cf609f4969476
- SHA256
  
  92b284f16e60425b34f717ce20e9a379eee29163d2d47d35845110e171cefef7
- SHA512
  
  c6353e3e3124f46f2132b45a08a9711806d8f2275848e600d9d8ba1a1eac0f74120a3d51260dede3e6a52d51533f82aa7e88ba199edeceeb456c174290e255b2
- SSDEEP
  
  768:RC1IE0EO9a6u41l7Hw/pfHg6mEZ8gFsxme3s0:R4T0ECfuOl7HmHhmxpxmwj
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

behavioral3

snakekeyloggerkeyloggerstealer

behavioral4

© 2018-2024

Terms | Privacy