snakekeylogger | 5453ec79288142e9f5f65db0f236e9d1faa1d3ffc981491c2b2c771fc04059de | Triage

Submit
Reports

Overview

overview

Static

static

3

siIts6bV7p8pVpA.exe

windows7-x64

siIts6bV7p8pVpA.exe

windows10-2004-x64

Sharing

General

Target

463e8b0760e23af941c60cfa1678a657_JaffaCakes118
Size

279KB
Sample

240714-rzt5eswhrh
MD5

463e8b0760e23af941c60cfa1678a657
SHA1

5b71e9eef6a49863369be7aad5c977d83a12bb1b
SHA256

5453ec79288142e9f5f65db0f236e9d1faa1d3ffc981491c2b2c771fc04059de
SHA512

c9d69130c3630292c79828bfae5daa748445cbe80e185febf31def08f012e10b5be4d9c26bfa643a03416030e236469c3b6fd0bba79ee8473c3bbbe9adb5da41
SSDEEP

6144:XSr0Xz+i4tuLUawpd4zdZcDXwNgZMj9BR1tco9fIs2N:A0j+i4tRpdHXwNgZMjHZNc

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

siIts6bV7p8pVpA.exe

Resource

win7-20240704-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

siIts6bV7p8pVpA.exe

Resource

win10v2004-20240709-en

snakekeylogger keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.vivaldi.net
Port:
587
Username:
[email protected]
Password:
1Endurance1234
Email To:
[email protected]

Targets

- Target
  
  siIts6bV7p8pVpA.exe
- Size
  
  329KB
- MD5
  
  a4368e0a121a655183c00f3d1bfa43b3
- SHA1
  
  b7bfff937be760df5b746fc7a83535a0132ac8d0
- SHA256
  
  64e29f703a7f82f83191dc2f20ace8a7e8ca2e44794e8ab3c0a323b475b4ca2b
- SHA512
  
  97dff63625a747d7cddfe77eecd472db15c7576d2e6f29a3ee1a1d92dc9ae1cd634235dcdeaa925f60205bbc579bba05f669868b015d63dbe6f2a22358b7d95a
- SSDEEP
  
  6144:dPtHwAERQ+3HwOi/uLakwpr4jdFcbXMNkZUj9BR/tc49fIs00:djESoi/1prbXMNkZUjH3NR
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy