snakekeylogger | 1c26b57046fc3f021f12a18f23164064342642535614469fdafc92bc19e56a59 | Triage

Submit
Reports

Overview

overview

Static

static

3

f013079b38...18.exe

windows7-x64

1

f013079b38...18.exe

windows10-2004-x64

Sharing

General

Target

f013079b38fe97f4240a0aaa570c32a7_JaffaCakes118
Size

1.2MB
Sample

240415-ctjn6seg81
MD5

f013079b38fe97f4240a0aaa570c32a7
SHA1

ad314eee43b65a1e9168a171bb7b6625c80bd457
SHA256

1c26b57046fc3f021f12a18f23164064342642535614469fdafc92bc19e56a59
SHA512

58b1c6e10bdea114d0e97dd489f2b91d3751b3fee4383b17b2794608eb3da48373a39301dfba67469236bd4a56f58d156da5546d919bdd4d6afbc0562902119e
SSDEEP

24576:SMXyWI8rajQFdCSGFKVhmNLWbWHMkO0iCWWV/Nm/y12Nhm1:SM9IiaZDFKwR0WHRUyYk

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f013079b38fe97f4240a0aaa570c32a7_JaffaCakes118.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

f013079b38fe97f4240a0aaa570c32a7_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.onurtriko.com.tr
Port:
587
Username:
info@onurtriko.com.tr
Password:
Ee980502+E
Email To:
info@onurtriko.com.tr

Targets

- Target
  
  f013079b38fe97f4240a0aaa570c32a7_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  f013079b38fe97f4240a0aaa570c32a7
- SHA1
  
  ad314eee43b65a1e9168a171bb7b6625c80bd457
- SHA256
  
  1c26b57046fc3f021f12a18f23164064342642535614469fdafc92bc19e56a59
- SHA512
  
  58b1c6e10bdea114d0e97dd489f2b91d3751b3fee4383b17b2794608eb3da48373a39301dfba67469236bd4a56f58d156da5546d919bdd4d6afbc0562902119e
- SSDEEP
  
  24576:SMXyWI8rajQFdCSGFKVhmNLWbWHMkO0iCWWV/Nm/y12Nhm1:SM9IiaZDFKwR0WHRUyYk
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy