snakekeylogger | 6e4ee83339f06e9cc50d8155757fa3a8cdb81f637183916df01654c3013d0a2e | Triage

Submit
Reports

Overview

overview

Static

static

3

ff846736e7...18.exe

windows7-x64

ff846736e7...18.exe

windows10-2004-x64

Sharing

General

Target

ff846736e7e7c087bafa2fe9c2ba5c74_JaffaCakes118
Size

1.0MB
Sample

240421-r3ya9ade56
MD5

ff846736e7e7c087bafa2fe9c2ba5c74
SHA1

a4d77162c53cab1db7f27a17eb860b15671ae2f2
SHA256

6e4ee83339f06e9cc50d8155757fa3a8cdb81f637183916df01654c3013d0a2e
SHA512

25d7ea3648d52cee211666912a442a5e3c126c6146e269fc8c6d744053069a80090b6fbfd3705d34787de262cad893509cbd961eb346b8e2c786755cde6b35d0
SSDEEP

24576:+o2A4dnYonwyL1c2IGwJJ2NbGqzzSHxfZr/NJKao8:hb81wAIb0NBWxhxJKl8

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ff846736e7e7c087bafa2fe9c2ba5c74_JaffaCakes118.exe

Resource

win7-20240220-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff846736e7e7c087bafa2fe9c2ba5c74_JaffaCakes118.exe

Resource

win10v2004-20240412-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.fireacoustics.com
Port:
587
Username:
worshippersnake@fireacoustics.com
Password:
_d:rzD~62Jxh
Email To:
returnbox321@gmail.com

Targets

- Target
  
  ff846736e7e7c087bafa2fe9c2ba5c74_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  ff846736e7e7c087bafa2fe9c2ba5c74
- SHA1
  
  a4d77162c53cab1db7f27a17eb860b15671ae2f2
- SHA256
  
  6e4ee83339f06e9cc50d8155757fa3a8cdb81f637183916df01654c3013d0a2e
- SHA512
  
  25d7ea3648d52cee211666912a442a5e3c126c6146e269fc8c6d744053069a80090b6fbfd3705d34787de262cad893509cbd961eb346b8e2c786755cde6b35d0
- SSDEEP
  
  24576:+o2A4dnYonwyL1c2IGwJJ2NbGqzzSHxfZr/NJKao8:hb81wAIb0NBWxhxJKl8
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy