snakekeylogger | be95c3b8c727bf769a9ef892c42ff2a3ed9fe764d3297f3214e715e243c69995 | Triage

Submit
Reports

Overview

overview

Static

static

3

BANK INFORMATION.exe

windows7-x64

1

BANK INFORMATION.exe

windows10-2004-x64

Sharing

General

Target

f1a68e045db072db6cc5ccfca53b5b11_JaffaCakes118
Size

606KB
Sample

240415-wkfqpscf35
MD5

f1a68e045db072db6cc5ccfca53b5b11
SHA1

acdcecea1cdd7d215fd97b8323715ee0d5365897
SHA256

be95c3b8c727bf769a9ef892c42ff2a3ed9fe764d3297f3214e715e243c69995
SHA512

6e01b7b5d174cbb03a2c0625c29dea0e9a6052c501fb0f8ed2f629ad1875403820917a0e6289cb714df3937a4da268c822514e2b259abfa1ddb6d97765181f73
SSDEEP

12288:yDTR+PauuhVbdDtuki8QlXQze5rQ+ucgOXOXQexnymW3hJ+lcet:ycPauu3httbQlgyS+ucgOXOfnyIlH

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BANK INFORMATION.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

BANK INFORMATION.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
25
Username:
admin@evapimlogs.com
Password:
BkKMmzZ1
Email To:
nonyekeylogger@gmail.com

Targets

- Target
  
  BANK INFORMATION.exe
- Size
  
  780KB
- MD5
  
  210f37c353be6b2739eaba795cd9b65a
- SHA1
  
  20bc7ff1b8e44e954290cd243d5f4eecb165b52a
- SHA256
  
  46ace3d6e4ad85d164526928dfc1827743f1f9caa7b46d342e211b807afaf55a
- SHA512
  
  ab96d81281aa8f09d86df31dd1bf900097e26778c6e3a557e746478fbc1fd3b0968aa0ea5891ff9f25abec373db9f6becf48edefa936abe7f0f06215b1bda2cd
- SSDEEP
  
  12288:R6rKqn3qGaNHEyC9/oR9gy5FHK7z9LQ5rMsYPCy+CobTDcQLiKE3dcF+P5FXpucl:RuKKPp9AR95yZAMszyiTDVWKE3zPX
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy