snakekeylogger | 4f449dcfc6f1a34508e8cadf4c681960820abd57309946baedb7b0f1c6644602 | Triage

Submit
Reports

Overview

overview

Static

static

3

f603264ee8...18.exe

windows7-x64

f603264ee8...18.exe

windows10-2004-x64

7

$PLUGINSDI...cz.dll

windows7-x64

$PLUGINSDI...cz.dll

windows10-2004-x64

3

Sharing

General

Target

f603264ee85d737bec54e57115dd162e_JaffaCakes118
Size

291KB
Sample

240417-r4kfsacf48
MD5

f603264ee85d737bec54e57115dd162e
SHA1

5fe32dcfa44dd2fe53c67eace5bf9a8381ba9b0d
SHA256

4f449dcfc6f1a34508e8cadf4c681960820abd57309946baedb7b0f1c6644602
SHA512

344323303c477f10716966fa25c22b725f89bc73325378cf61ac8ad83478518379e4c35088a28fb8969a0576e7ea9aab236217ebfc3cd589ced250c1c171fb98
SSDEEP

6144:wBlL/cw1ewowIpj+BMeM73RxW+LeEaBEs4i12WNesyAsqQ9PR99:Ceae1wBMX7S+LeHEk2WMsZiv

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f603264ee85d737bec54e57115dd162e_JaffaCakes118.exe

Resource

win7-20240215-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f603264ee85d737bec54e57115dd162e_JaffaCakes118.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/zqwdycz.dll

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/zqwdycz.dll

Resource

win10v2004-20240412-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  f603264ee85d737bec54e57115dd162e_JaffaCakes118
- Size
  
  291KB
- MD5
  
  f603264ee85d737bec54e57115dd162e
- SHA1
  
  5fe32dcfa44dd2fe53c67eace5bf9a8381ba9b0d
- SHA256
  
  4f449dcfc6f1a34508e8cadf4c681960820abd57309946baedb7b0f1c6644602
- SHA512
  
  344323303c477f10716966fa25c22b725f89bc73325378cf61ac8ad83478518379e4c35088a28fb8969a0576e7ea9aab236217ebfc3cd589ced250c1c171fb98
- SSDEEP
  
  6144:wBlL/cw1ewowIpj+BMeM73RxW+LeEaBEs4i12WNesyAsqQ9PR99:Ceae1wBMX7S+LeHEk2WMsZiv
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/zqwdycz.dll
- Size
  
  30KB
- MD5
  
  b2ac7f18c76b6104e99389f24cd36856
- SHA1
  
  cfcdbe385c7460a10902fc97f4861ebafc5f4f1b
- SHA256
  
  013997b08f68be3675e38ef8e2c7bd58d7eadfea520d9cb1a520a0c1f195f5b3
- SHA512
  
  138d388f727522c70d8d6feb3497536ef3871287f3b55e746e6d2af1831dbc0ff13fcb044271353f3b40914901c0fcbe6d4a1ae483ca6654a94ed41283fba1db
- SSDEEP
  
  384:ncnX0OmC7zGggDeHu6swci/+9YFKBJSQfZ9FvfGQTu2NtH9VCKTk4YVHnV1nGfqI:cw6szi/YfSQr9+Ou2TyZHV11G7Th
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

behavioral3

snakekeyloggerkeyloggerstealer

behavioral4

© 2018-2024

Terms | Privacy