snakekeylogger | 4849dbdaa543b1235a1f8898c99a782d683bcc95353839889b1c0619d113ccaf | Triage

Submit
Reports

Overview

overview

Static

static

3

f86b78245f...18.exe

windows7-x64

f86b78245f...18.exe

windows10-2004-x64

Sharing

General

Target

f86b78245fc59a9841529d0bc4ad6d26_JaffaCakes118
Size

731KB
Sample

240418-vrnt8abd3z
MD5

f86b78245fc59a9841529d0bc4ad6d26
SHA1

4bae6c52736aafbb902f538d5c122cdd1295b2f5
SHA256

4849dbdaa543b1235a1f8898c99a782d683bcc95353839889b1c0619d113ccaf
SHA512

658d16b1950de2ca440df0275e8538760c92355aece2ffb97b126d8b6710e3e095d63aaf5b3cb2b56123428af3cdf222e7f7046ed185384352fbee67afd0d470
SSDEEP

12288:dSipfyYZ7k2iNeHK7zqERSXDFHwAylaorX9C2An8JbiiMIIY0XTIeClGsVVunBj3:dSsrZo1beFX5HMlTsinIvcvAONCQ

Score

10^/10

snakekeylogger evasion keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f86b78245fc59a9841529d0bc4ad6d26_JaffaCakes118.exe

Resource

win7-20240319-en

snakekeylogger evasion keylogger stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

f86b78245fc59a9841529d0bc4ad6d26_JaffaCakes118.exe

Resource

win10v2004-20240412-en

snakekeylogger evasion keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.ylmzgrup.com
Port:
587
Username:
murat@ylmzgrup.com
Password:
2015Bmws1000rr
Email To:
murat@ylmzgrup.com

Targets

- Target
  
  f86b78245fc59a9841529d0bc4ad6d26_JaffaCakes118
- Size
  
  731KB
- MD5
  
  f86b78245fc59a9841529d0bc4ad6d26
- SHA1
  
  4bae6c52736aafbb902f538d5c122cdd1295b2f5
- SHA256
  
  4849dbdaa543b1235a1f8898c99a782d683bcc95353839889b1c0619d113ccaf
- SHA512
  
  658d16b1950de2ca440df0275e8538760c92355aece2ffb97b126d8b6710e3e095d63aaf5b3cb2b56123428af3cdf222e7f7046ed185384352fbee67afd0d470
- SSDEEP
  
  12288:dSipfyYZ7k2iNeHK7zqERSXDFHwAylaorX9C2An8JbiiMIIY0XTIeClGsVVunBj3:dSsrZo1beFX5HMlTsinIvcvAONCQ
Score

10^/10

snakekeylogger evasion keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerevasionkeyloggerstealer

behavioral2

snakekeyloggerevasionkeyloggerstealer

© 2018-2024

Terms | Privacy