snakekeylogger | 4ac9b6a9a2e4787dcf2f85ac31200933d3e3a01b9a0410c13ffc46277a1d3a16 | Triage

Submit
Reports

Overview

overview

Static

static

3

ee3071fbf7...18.exe

windows7-x64

ee3071fbf7...18.exe

windows10-2004-x64

Sharing

General

Target

ee3071fbf7d91381442734c6145a11fa_JaffaCakes118
Size

710KB
Sample

240411-yda8raba79
MD5

ee3071fbf7d91381442734c6145a11fa
SHA1

ba0a843115aa24d3ea4734f9329d5b19ed435c20
SHA256

4ac9b6a9a2e4787dcf2f85ac31200933d3e3a01b9a0410c13ffc46277a1d3a16
SHA512

ad496a7b34ab9d842fa04069b051030ed840cd4b33fbf23aa09babaab9f34a5593e32b0a224c038f9d8ab17f1c61f611fb777b54cf9fc36ce060274e520dd936
SSDEEP

12288:+HauZjuFWsGB55UXkktw4mMz0VLmkeSsqqYvz+q84n86oAH5cC0oQJ0VU5V6fJKT:kZjNhuXkWwxMwDenWz+28mHSUUP6fJKT

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ee3071fbf7d91381442734c6145a11fa_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee3071fbf7d91381442734c6145a11fa_JaffaCakes118.exe

Resource

win10v2004-20240319-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.bncfood.ly
Port:
587
Username:
[email protected]
Password:
n7X=nOFS^O[[+a9{l$
Email To:
[email protected]

Targets

- Target
  
  ee3071fbf7d91381442734c6145a11fa_JaffaCakes118
- Size
  
  710KB
- MD5
  
  ee3071fbf7d91381442734c6145a11fa
- SHA1
  
  ba0a843115aa24d3ea4734f9329d5b19ed435c20
- SHA256
  
  4ac9b6a9a2e4787dcf2f85ac31200933d3e3a01b9a0410c13ffc46277a1d3a16
- SHA512
  
  ad496a7b34ab9d842fa04069b051030ed840cd4b33fbf23aa09babaab9f34a5593e32b0a224c038f9d8ab17f1c61f611fb777b54cf9fc36ce060274e520dd936
- SSDEEP
  
  12288:+HauZjuFWsGB55UXkktw4mMz0VLmkeSsqqYvz+q84n86oAH5cC0oQJ0VU5V6fJKT:kZjNhuXkWwxMwDenWz+28mHSUUP6fJKT
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy