snakekeylogger | f1de9338fbad62a713783b8bea0f29898ce194a0fc211d7fcd878d5be0c793ca | Triage

Submit
Reports

Overview

overview

Static

static

3

f84d565dff...18.exe

windows7-x64

f84d565dff...18.exe

windows10-2004-x64

Sharing

General

Target

f84d565dff7b1c51703106b1c7bd9eb5_JaffaCakes118
Size

971KB
Sample

240418-syh67sgh43
MD5

f84d565dff7b1c51703106b1c7bd9eb5
SHA1

de38e9e10a062491538568943580c796210ddada
SHA256

f1de9338fbad62a713783b8bea0f29898ce194a0fc211d7fcd878d5be0c793ca
SHA512

4c5aeb6053b9e8eccd363eafc25ba9b48f5ed697cd3d8885f5aa30ab092769587f993171071864997e0c896a7f228f345f717f3822e832aeeaff2e3ced730fd4
SSDEEP

24576:ENnB1Yi6dOOG/dQJaK668dSHKv0897sS1:ENnAi8JaK6QXS1

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f84d565dff7b1c51703106b1c7bd9eb5_JaffaCakes118.exe

Resource

win7-20240215-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f84d565dff7b1c51703106b1c7bd9eb5_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.fireacoustics.com
Port:
587
Username:
worshippersnake@fireacoustics.com
Password:
_d:rzD~62Jxh
Email To:
returnbox321@gmail.com

Targets

- Target
  
  f84d565dff7b1c51703106b1c7bd9eb5_JaffaCakes118
- Size
  
  971KB
- MD5
  
  f84d565dff7b1c51703106b1c7bd9eb5
- SHA1
  
  de38e9e10a062491538568943580c796210ddada
- SHA256
  
  f1de9338fbad62a713783b8bea0f29898ce194a0fc211d7fcd878d5be0c793ca
- SHA512
  
  4c5aeb6053b9e8eccd363eafc25ba9b48f5ed697cd3d8885f5aa30ab092769587f993171071864997e0c896a7f228f345f717f3822e832aeeaff2e3ced730fd4
- SSDEEP
  
  24576:ENnB1Yi6dOOG/dQJaK668dSHKv0897sS1:ENnAi8JaK6QXS1
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy