snakekeylogger | 19f2e87e5318afad4e60612a68cb610caa3306dab2004c56717224733d22baee | Triage

Submit
Reports

Overview

overview

Static

static

3

07d26b190b...18.exe

windows7-x64

3

07d26b190b...18.exe

windows10-2004-x64

Sharing

General

Target

07d26b190b7302dd7153f81a3be251c0_JaffaCakes118
Size

609KB
Sample

241001-29cm8svhpq
MD5

07d26b190b7302dd7153f81a3be251c0
SHA1

60e6706401e15fb0d83ede2d9d518963801213c5
SHA256

19f2e87e5318afad4e60612a68cb610caa3306dab2004c56717224733d22baee
SHA512

42ad74daaa572a9892cc7eea4116021b9cfb307f7e39191086f9d26bb3be51e09c25cfab8e9ecdf448b889ef3eb281bb7fd8e738dbfc84dee35648fa2350df52
SSDEEP

12288:/KUAmvNgMMQqODPnIRQG1US26qXiZMdnJwlakbYUDWw3XZ1LLYSXmXR:/KUdq0i9

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

07d26b190b7302dd7153f81a3be251c0_JaffaCakes118.exe

Resource

win7-20240729-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

07d26b190b7302dd7153f81a3be251c0_JaffaCakes118.exe

Resource

win10v2004-20240802-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
aMfYdLX3
Email To:
[email protected]

Targets

- Target
  
  07d26b190b7302dd7153f81a3be251c0_JaffaCakes118
- Size
  
  609KB
- MD5
  
  07d26b190b7302dd7153f81a3be251c0
- SHA1
  
  60e6706401e15fb0d83ede2d9d518963801213c5
- SHA256
  
  19f2e87e5318afad4e60612a68cb610caa3306dab2004c56717224733d22baee
- SHA512
  
  42ad74daaa572a9892cc7eea4116021b9cfb307f7e39191086f9d26bb3be51e09c25cfab8e9ecdf448b889ef3eb281bb7fd8e738dbfc84dee35648fa2350df52
- SSDEEP
  
  12288:/KUAmvNgMMQqODPnIRQG1US26qXiZMdnJwlakbYUDWw3XZ1LLYSXmXR:/KUdq0i9
Score

10^/10

discovery snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy