snakekeylogger | 0efc0d67d9be3cbc40ab4ad49b85d9cc4bb5997211899feb7437e427831015fa | Triage

Submit
Reports

Overview

overview

Static

static

3

f69d8f7707...18.exe

windows7-x64

f69d8f7707...18.exe

windows10-2004-x64

Sharing

General

Target

f69d8f7707fd214fad1dbf3f1f1765a9_JaffaCakes118
Size

556KB
Sample

240417-1c5r3sfh4s
MD5

f69d8f7707fd214fad1dbf3f1f1765a9
SHA1

2a06deaf1ad3da40cd72528e04336f6bd0f16871
SHA256

0efc0d67d9be3cbc40ab4ad49b85d9cc4bb5997211899feb7437e427831015fa
SHA512

916994ec83f490f64a7b72ef4fead205d96d95b0f7fb0437af1e2adb9bc2254174fc58e2ca902efdd6b5f2046183f591a7d0800bbe853e0417d2ad4ea7263cd5
SSDEEP

12288:QSgWYL9+BCta5h7woBS4y721TlFLnccwFuz4MFeuu3qAM2ZAZ3DWjitGginvQj9O:QSgB9+BC8ZBS4qHurFeuq

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f69d8f7707fd214fad1dbf3f1f1765a9_JaffaCakes118.exe

Resource

win7-20240319-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f69d8f7707fd214fad1dbf3f1f1765a9_JaffaCakes118.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
log@procreditb.com
Password:
Blessings16
Email To:
officeofgrace24@yandex.com

Targets

- Target
  
  f69d8f7707fd214fad1dbf3f1f1765a9_JaffaCakes118
- Size
  
  556KB
- MD5
  
  f69d8f7707fd214fad1dbf3f1f1765a9
- SHA1
  
  2a06deaf1ad3da40cd72528e04336f6bd0f16871
- SHA256
  
  0efc0d67d9be3cbc40ab4ad49b85d9cc4bb5997211899feb7437e427831015fa
- SHA512
  
  916994ec83f490f64a7b72ef4fead205d96d95b0f7fb0437af1e2adb9bc2254174fc58e2ca902efdd6b5f2046183f591a7d0800bbe853e0417d2ad4ea7263cd5
- SSDEEP
  
  12288:QSgWYL9+BCta5h7woBS4y721TlFLnccwFuz4MFeuu3qAM2ZAZ3DWjitGginvQj9O:QSgB9+BC8ZBS4qHurFeuq
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy