snakekeylogger | ace1da8276007015547f39a609d2fb1ad3b286df841c5bb70d36934c9f32a140 | Triage

Submit
Reports

Overview

overview

Static

static

3

f826222ce1...18.exe

windows7-x64

f826222ce1...18.exe

windows10-2004-x64

Sharing

General

Target

f826222ce15feefe3db0e05a0a8d3b28_JaffaCakes118
Size

1.2MB
Sample

240418-rbbceagb6t
MD5

f826222ce15feefe3db0e05a0a8d3b28
SHA1

7fb72dd607a6ecb4feb6d349d2eb6247bc06d81b
SHA256

ace1da8276007015547f39a609d2fb1ad3b286df841c5bb70d36934c9f32a140
SHA512

cc9dab4b8640177b183f904c8a52748f1bf9a64ea921451cce04f2732815850c8ac3a1db4e135a50e45cd59f57d2e3db2eb690395baec2c34930fec7436c9a43
SSDEEP

24576:ORS/d3GKzks1ksfJ4wlctmWMOE3Xq05jFSXvrRG27RJy8jh8N6ZNBZ:UKBJ4rtmBpms2neN6ZNB

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f826222ce15feefe3db0e05a0a8d3b28_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f826222ce15feefe3db0e05a0a8d3b28_JaffaCakes118.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.cavilum.cl
Port:
587
Username:
mmardones@cavilum.cl
Password:
Cavilum4313
Email To:
nominas@haciendacantalagua.com

Targets

- Target
  
  f826222ce15feefe3db0e05a0a8d3b28_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  f826222ce15feefe3db0e05a0a8d3b28
- SHA1
  
  7fb72dd607a6ecb4feb6d349d2eb6247bc06d81b
- SHA256
  
  ace1da8276007015547f39a609d2fb1ad3b286df841c5bb70d36934c9f32a140
- SHA512
  
  cc9dab4b8640177b183f904c8a52748f1bf9a64ea921451cce04f2732815850c8ac3a1db4e135a50e45cd59f57d2e3db2eb690395baec2c34930fec7436c9a43
- SSDEEP
  
  24576:ORS/d3GKzks1ksfJ4wlctmWMOE3Xq05jFSXvrRG27RJy8jh8N6ZNBZ:UKBJ4rtmBpms2neN6ZNB
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy