snakekeylogger | 5c48b185c563d651a20fa4c212d08550810f1fd459351ece28509805061b19be | Triage

Submit
Reports

Overview

overview

Static

static

3

f214b97d08...18.exe

windows7-x64

f214b97d08...18.exe

windows10-2004-x64

Sharing

General

Target

f214b97d081f549c3527c0b1f2631b21_JaffaCakes118
Size

759KB
Sample

240415-2hsv5scb9t
MD5

f214b97d081f549c3527c0b1f2631b21
SHA1

8285783bee73f84baa5c6eab704eaf47ededf987
SHA256

5c48b185c563d651a20fa4c212d08550810f1fd459351ece28509805061b19be
SHA512

489502ad8c27885826729d64669a22eec4ae310af1a85af1c421959e530fe138fe8607c2a5a7af6adf07b1c086321555bc76f1886c6a963d5d6ceea69ae4b1a0
SSDEEP

12288:sqCoL4/HK7zcixJmab3QxFlk+Xr5uP0rbhNIxUFUzfOORB3fAzq3Rc9gOHkOuAig:sZ6fgixJPTq5XrUP0rNaJS+B32q3R4

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f214b97d081f549c3527c0b1f2631b21_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f214b97d081f549c3527c0b1f2631b21_JaffaCakes118.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.rabyhalmutawassit.ly
Port:
587
Username:
info@rabyhalmutawassit.ly
Password:
Pugu);Am9utIM68{gN
Email To:
amin.aminlogbox@yandex.com

Targets

- Target
  
  f214b97d081f549c3527c0b1f2631b21_JaffaCakes118
- Size
  
  759KB
- MD5
  
  f214b97d081f549c3527c0b1f2631b21
- SHA1
  
  8285783bee73f84baa5c6eab704eaf47ededf987
- SHA256
  
  5c48b185c563d651a20fa4c212d08550810f1fd459351ece28509805061b19be
- SHA512
  
  489502ad8c27885826729d64669a22eec4ae310af1a85af1c421959e530fe138fe8607c2a5a7af6adf07b1c086321555bc76f1886c6a963d5d6ceea69ae4b1a0
- SSDEEP
  
  12288:sqCoL4/HK7zcixJmab3QxFlk+Xr5uP0rbhNIxUFUzfOORB3fAzq3Rc9gOHkOuAig:sZ6fgixJPTq5XrUP0rNaJS+B32q3R4
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy