snakekeylogger | 0f817ba75c359bfe49dacc2f7c03162282e75b8cc955dc94abaebe5099489367 | Triage

Submit
Reports

Overview

overview

Static

static

3

f25f629de8...18.exe

windows7-x64

f25f629de8...18.exe

windows10-2004-x64

Sharing

General

Target

f25f629de8fdb4ef25a1e95086c9d9b7_JaffaCakes118
Size

782KB
Sample

240416-bvjj5adh65
MD5

f25f629de8fdb4ef25a1e95086c9d9b7
SHA1

ccbde1ec4060fd439495c6b446e68bcde4d748bf
SHA256

0f817ba75c359bfe49dacc2f7c03162282e75b8cc955dc94abaebe5099489367
SHA512

6bfa0b3dab28c4344575287370f08adb68972270137598384556bbee44ee9bc9545b97a23038d7f02fc1546383aee046bbe85ef77e8cc2ee1a21023e138e59d2
SSDEEP

24576:fsMHAb0wFVMNj9b7CJtS+/T8sL6Wv0J8fXhzF2SYz:bAYwFShB8b1Lxv0JyT2SYz

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f25f629de8fdb4ef25a1e95086c9d9b7_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f25f629de8fdb4ef25a1e95086c9d9b7_JaffaCakes118.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
webmail.aquariushotelboutique.com
Port:
25
Username:
bseriosema@aquariushotelboutique.com
Password:
6)fvPIxcEVwT
Email To:
bseriosema@aquariushotelboutique.com

Targets

- Target
  
  f25f629de8fdb4ef25a1e95086c9d9b7_JaffaCakes118
- Size
  
  782KB
- MD5
  
  f25f629de8fdb4ef25a1e95086c9d9b7
- SHA1
  
  ccbde1ec4060fd439495c6b446e68bcde4d748bf
- SHA256
  
  0f817ba75c359bfe49dacc2f7c03162282e75b8cc955dc94abaebe5099489367
- SHA512
  
  6bfa0b3dab28c4344575287370f08adb68972270137598384556bbee44ee9bc9545b97a23038d7f02fc1546383aee046bbe85ef77e8cc2ee1a21023e138e59d2
- SSDEEP
  
  24576:fsMHAb0wFVMNj9b7CJtS+/T8sL6Wv0J8fXhzF2SYz:bAYwFShB8b1Lxv0JyT2SYz
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy