snakekeylogger | 907bed63f29c88a9e192e313c4b51ea6cca3d580a586baae4b6c5791221489cb | Triage

Submit
Reports

Overview

overview

Static

static

3

f8234f03f1...18.exe

windows7-x64

f8234f03f1...18.exe

windows10-2004-x64

Sharing

General

Target

f8234f03f173f5991465b1e733e7d808_JaffaCakes118
Size

964KB
Sample

240418-q7l84sga4z
MD5

f8234f03f173f5991465b1e733e7d808
SHA1

dd644200b86175592796cd7fc5eb5332883e7f69
SHA256

907bed63f29c88a9e192e313c4b51ea6cca3d580a586baae4b6c5791221489cb
SHA512

096c7b819c2f2354c4c510ff4a441e7f56429ec2d970d83f8b4132ff637ee7795af135d0734b9c2804efa50163d0409e5ff51c89a3b7b0e27448bd7f6692bbf4
SSDEEP

24576:t4jrG+lf4W795/d3k64JawO/4u2rzXTS:ten+64Jav8zjS

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f8234f03f173f5991465b1e733e7d808_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f8234f03f173f5991465b1e733e7d808_JaffaCakes118.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.ademkocplastik.com.tr
Port:
587
Username:
ihracat@ademkocplastik.com.tr
Password:
Ad1.iqwerty?_
Email To:
info@tarsusmetalcelik.com

Targets

- Target
  
  f8234f03f173f5991465b1e733e7d808_JaffaCakes118
- Size
  
  964KB
- MD5
  
  f8234f03f173f5991465b1e733e7d808
- SHA1
  
  dd644200b86175592796cd7fc5eb5332883e7f69
- SHA256
  
  907bed63f29c88a9e192e313c4b51ea6cca3d580a586baae4b6c5791221489cb
- SHA512
  
  096c7b819c2f2354c4c510ff4a441e7f56429ec2d970d83f8b4132ff637ee7795af135d0734b9c2804efa50163d0409e5ff51c89a3b7b0e27448bd7f6692bbf4
- SSDEEP
  
  24576:t4jrG+lf4W795/d3k64JawO/4u2rzXTS:ten+64Jav8zjS
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy