snakekeylogger | 30b1a884738e4fc2f2c2e0037be1be4783042022742acd496995cde5414250b6 | Triage

Submit
Reports

Overview

overview

Static

static

3

ec2e55e29b...18.exe

windows7-x64

ec2e55e29b...18.exe

windows10-2004-x64

Sharing

General

Target

ec2e55e29b1b4aaf588c4fa6f6b62300_JaffaCakes118
Size

10.0MB
Sample

240410-22p9csgh41
MD5

ec2e55e29b1b4aaf588c4fa6f6b62300
SHA1

a31c483891d4fe5903ff0c0070f3850db437007b
SHA256

30b1a884738e4fc2f2c2e0037be1be4783042022742acd496995cde5414250b6
SHA512

ead42739060cbdc67fe1cff45c6bfc26d5c1d835f7bbd7a66300b4c9c987d6554e89a3c43d166cdc1e1358901e8101a51b08847f67aef2b6f72ef0825d7815b4
SSDEEP

12288:astYdODLqJmNuoLkJAN6e718zT+p6fhX/v3F41k/052cBYF3swef:astY4PTv/06pWZn3wkM5vBk3G

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ec2e55e29b1b4aaf588c4fa6f6b62300_JaffaCakes118.exe

Resource

win7-20240215-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec2e55e29b1b4aaf588c4fa6f6b62300_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
info@gdrogroup.com
Password:
fintanA1
Email To:
snack@gdrogroup.com

Targets

- Target
  
  ec2e55e29b1b4aaf588c4fa6f6b62300_JaffaCakes118
- Size
  
  10.0MB
- MD5
  
  ec2e55e29b1b4aaf588c4fa6f6b62300
- SHA1
  
  a31c483891d4fe5903ff0c0070f3850db437007b
- SHA256
  
  30b1a884738e4fc2f2c2e0037be1be4783042022742acd496995cde5414250b6
- SHA512
  
  ead42739060cbdc67fe1cff45c6bfc26d5c1d835f7bbd7a66300b4c9c987d6554e89a3c43d166cdc1e1358901e8101a51b08847f67aef2b6f72ef0825d7815b4
- SSDEEP
  
  12288:astYdODLqJmNuoLkJAN6e718zT+p6fhX/v3F41k/052cBYF3swef:astY4PTv/06pWZn3wkM5vBk3G
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy