snakekeylogger | 3c76d24c83b79cb7426712fd591db33498e37a4ebbe109f300c6afb5c797e8b7 | Triage

Submit
Reports

Overview

overview

Static

static

3

0b41bfe23d...18.exe

windows7-x64

0b41bfe23d...18.exe

windows10-2004-x64

Sharing

General

Target

0b41bfe23d015d2c114f2bae851d8528_JaffaCakes118
Size

952KB
Sample

241002-sdqqjssekq
MD5

0b41bfe23d015d2c114f2bae851d8528
SHA1

e6b2f01a928e27c5c83b6290b2f39660f45ea130
SHA256

3c76d24c83b79cb7426712fd591db33498e37a4ebbe109f300c6afb5c797e8b7
SHA512

d9254ecc92125d5b88863e5685280eaf6141f119b422b7b5acb5e682163c5d3ab84c84471b711e3ba19b6d6bd25b8ada24f2c204f44843c116c418b3f1e8dc53
SSDEEP

12288:zHu0Rx+i82Jxiw4jPCVSRVCgNYC4YyFczHk8kxuujl:zOOJx/4jxRQgNYC4BFczHk8kxdl

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0b41bfe23d015d2c114f2bae851d8528_JaffaCakes118.exe

Resource

win7-20240729-en

snakekeylogger discovery keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b41bfe23d015d2c114f2bae851d8528_JaffaCakes118.exe

Resource

win10v2004-20240802-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.paslanmazmakine.com
Port:
587
Username:
[email protected]
Password:
Mu31012017+-
Email To:
[email protected]

Targets

- Target
  
  0b41bfe23d015d2c114f2bae851d8528_JaffaCakes118
- Size
  
  952KB
- MD5
  
  0b41bfe23d015d2c114f2bae851d8528
- SHA1
  
  e6b2f01a928e27c5c83b6290b2f39660f45ea130
- SHA256
  
  3c76d24c83b79cb7426712fd591db33498e37a4ebbe109f300c6afb5c797e8b7
- SHA512
  
  d9254ecc92125d5b88863e5685280eaf6141f119b422b7b5acb5e682163c5d3ab84c84471b711e3ba19b6d6bd25b8ada24f2c204f44843c116c418b3f1e8dc53
- SSDEEP
  
  12288:zHu0Rx+i82Jxiw4jPCVSRVCgNYC4YyFczHk8kxuujl:zOOJx/4jxRQgNYC4BFczHk8kxdl
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy