snakekeylogger | 99b817a41205825e28f6d4f33a574991d19abd8bc2f6d49789f685ef780350c7 | Triage

Submit
Reports

Overview

overview

Static

static

3

206a03224a...18.exe

windows7-x64

206a03224a...18.exe

windows10-2004-x64

3

Sharing

General

Target

206a03224a36a00955f4c38e8eb1f87b_JaffaCakes118
Size

465KB
Sample

241008-jppsyszdrh
MD5

206a03224a36a00955f4c38e8eb1f87b
SHA1

7defa953520e04bb1d9ce3a27771c512e61b813b
SHA256

99b817a41205825e28f6d4f33a574991d19abd8bc2f6d49789f685ef780350c7
SHA512

bcbb33c16f770b1d2dc6eadde2ec7d8390ffb614d8b16e651a00b74c2aa14c30d201c61bb101d61c451973a582548243aa22d822378df8b757545fed1773d314
SSDEEP

12288:XsZtXIIyuA5qe7RZnVEUh37KEyAWJu26E8fpB09/YC9JV:XsZtXUuvcfkJ4RfpBQgC9z

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

206a03224a36a00955f4c38e8eb1f87b_JaffaCakes118.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

206a03224a36a00955f4c38e8eb1f87b_JaffaCakes118.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
#Euro123
Email To:
[email protected]

Targets

- Target
  
  206a03224a36a00955f4c38e8eb1f87b_JaffaCakes118
- Size
  
  465KB
- MD5
  
  206a03224a36a00955f4c38e8eb1f87b
- SHA1
  
  7defa953520e04bb1d9ce3a27771c512e61b813b
- SHA256
  
  99b817a41205825e28f6d4f33a574991d19abd8bc2f6d49789f685ef780350c7
- SHA512
  
  bcbb33c16f770b1d2dc6eadde2ec7d8390ffb614d8b16e651a00b74c2aa14c30d201c61bb101d61c451973a582548243aa22d822378df8b757545fed1773d314
- SSDEEP
  
  12288:XsZtXIIyuA5qe7RZnVEUh37KEyAWJu26E8fpB09/YC9JV:XsZtXUuvcfkJ4RfpBQgC9z
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy