snakekeylogger | f42557743e88d50544f011d55f67023915bacac6db0e9bde538b7d8e76e047a8 | Triage

Submit
Reports

Overview

overview

Static

static

3

cbc313ddcc...18.exe

windows7-x64

cbc313ddcc...18.exe

windows10-2004-x64

Sharing

General

Target

cbc313ddccede4e1abc2eb066210eb3e_JaffaCakes118
Size

641KB
Sample

240405-fwn88adc95
MD5

cbc313ddccede4e1abc2eb066210eb3e
SHA1

b8e2b4ed6246f0909ae31c334c9aef959ab3f851
SHA256

f42557743e88d50544f011d55f67023915bacac6db0e9bde538b7d8e76e047a8
SHA512

13e1c22f41d87a26f7e8203d75eb2aa977ce137d758d22d5ed04f96d8ef678ee0946604301278fd0517bbe95b1e704dca1bb7d501e96710fc6f16a4de5bfa3b4
SSDEEP

6144:ARFVmrLWI1gED/TA2EN5b5ylmIUUCn7xf+qW/3b7GXrdCMCjsLwNaScBF5HjQ8GB:ARiWSaHb5qjDqWH2pJCCwNaSctMX

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cbc313ddccede4e1abc2eb066210eb3e_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

cbc313ddccede4e1abc2eb066210eb3e_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
budgetn.shop
Port:
587
Username:
[email protected]
Password:
Q?fZ+Z=-tbRN
Email To:
[email protected]

Targets

- Target
  
  cbc313ddccede4e1abc2eb066210eb3e_JaffaCakes118
- Size
  
  641KB
- MD5
  
  cbc313ddccede4e1abc2eb066210eb3e
- SHA1
  
  b8e2b4ed6246f0909ae31c334c9aef959ab3f851
- SHA256
  
  f42557743e88d50544f011d55f67023915bacac6db0e9bde538b7d8e76e047a8
- SHA512
  
  13e1c22f41d87a26f7e8203d75eb2aa977ce137d758d22d5ed04f96d8ef678ee0946604301278fd0517bbe95b1e704dca1bb7d501e96710fc6f16a4de5bfa3b4
- SSDEEP
  
  6144:ARFVmrLWI1gED/TA2EN5b5ylmIUUCn7xf+qW/3b7GXrdCMCjsLwNaScBF5HjQ8GB:ARiWSaHb5qjDqWH2pJCCwNaSctMX
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy