snakekeylogger | 93e4528267157334ef0d55c3f378ce7f862c00d7c49a9215d8a7426188dda454 | Triage

Submit
Reports

Overview

overview

Static

static

3

BE-IZ-Q-12...AL.exe

windows7-x64

BE-IZ-Q-12...AL.exe

windows10-2004-x64

Sharing

General

Target

f5ca8f415aea09611a9aa9d3c6bd1a2c_JaffaCakes118
Size

1.9MB
Sample

240417-pwsq3sha3y
MD5

f5ca8f415aea09611a9aa9d3c6bd1a2c
SHA1

438276787f950bf79393b0903883fff232684e76
SHA256

93e4528267157334ef0d55c3f378ce7f862c00d7c49a9215d8a7426188dda454
SHA512

311884f53e7b21e0d9ddb1ed44b7e3977662502b0549bc000cb17548c5ae3e480baf4d6d827a2f9a2133ef457575c2561830f7dc8a7183e836f81e9dc9a71750
SSDEEP

12288:WC3hpINYoA3P1/GyjcOgHf4uvP9H539XKfalV7T2fXOk/HmUVppUuEVCHo:WCTIN7EZVjcZHf4YbN6UV7T2fXOvOQ

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BE-IZ-Q-1278-21 - TECHNICAL.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

BE-IZ-Q-1278-21 - TECHNICAL.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.fireacoustics.com
Port:
587
Username:
worshippersnake@fireacoustics.com
Password:
_d:rzD~62Jxh
Email To:
returnbox321@gmail.com

Targets

- Target
  
  BE-IZ-Q-1278-21 - TECHNICAL.exe
- Size
  
  1.3MB
- MD5
  
  9c032d7fbfdfe2064f850a9f2f0cfcaa
- SHA1
  
  81633e6bb46148fff7f81330c5ca43b055f17be0
- SHA256
  
  522ef9da580292e5ef0de44c4c3522f8f4fea1f4248467ff66a7d638be7a305c
- SHA512
  
  50df0bb3764e014c1cdb888c5984a2c0b8439be232e90eacceeb9a517354456858a4327b0194da72facddafb4a4ace377340e54eb0919d3c2a8bf46d3d15cda7
- SSDEEP
  
  12288:MC3hpINYoA3P1/GyjcOgHf4uvP9H539XKfalV7T2fXOk/HmUVppUuEVCHo:MCTIN7EZVjcZHf4YbN6UV7T2fXOvOQ
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy