snakekeylogger | 03168de08f30d1ce5eba96f05c4687377bd454405c62484667c7f93d636a6d7b | Triage

Submit
Reports

Overview

overview

Static

static

3

ff3570efe3...18.exe

windows7-x64

1

ff3570efe3...18.exe

windows10-2004-x64

Sharing

General

Target

ff3570efe3c65339988cab633a78c030_JaffaCakes118
Size

912KB
Sample

240421-nyyvfaah5s
MD5

ff3570efe3c65339988cab633a78c030
SHA1

1de441e6925118e288ff5cac8bebcaec5b702a46
SHA256

03168de08f30d1ce5eba96f05c4687377bd454405c62484667c7f93d636a6d7b
SHA512

f0339796a3f9b231e9d30101e94eaa859d2bf6e550437bb36dcd83163d105896faa9628e2b2ce35430916f314f9ddba18ccc42d0234a9bfd5ebd57cda1185662
SSDEEP

12288:uWqMOJmbcSMWhT8Dc9F3nC0Py3gAh6N5wOA5t6wOc8JphxOEvpyuntAdkYRbhn05:uXIV8Oc8nhcEhyktu10s8NcJHI

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ff3570efe3c65339988cab633a78c030_JaffaCakes118.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff3570efe3c65339988cab633a78c030_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.alliedhealthga.com
Port:
587
Username:
info@alliedhealthga.com
Password:
Sisterk1
Email To:
rollandcraig@yandex.com

Targets

- Target
  
  ff3570efe3c65339988cab633a78c030_JaffaCakes118
- Size
  
  912KB
- MD5
  
  ff3570efe3c65339988cab633a78c030
- SHA1
  
  1de441e6925118e288ff5cac8bebcaec5b702a46
- SHA256
  
  03168de08f30d1ce5eba96f05c4687377bd454405c62484667c7f93d636a6d7b
- SHA512
  
  f0339796a3f9b231e9d30101e94eaa859d2bf6e550437bb36dcd83163d105896faa9628e2b2ce35430916f314f9ddba18ccc42d0234a9bfd5ebd57cda1185662
- SSDEEP
  
  12288:uWqMOJmbcSMWhT8Dc9F3nC0Py3gAh6N5wOA5t6wOc8JphxOEvpyuntAdkYRbhn05:uXIV8Oc8nhcEhyktu10s8NcJHI
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy