snakekeylogger | 633620e0cb1988ec5000a6245f0e1e7ba86b2d75dd97599ef99d2faa5f88c875 | Triage

Submit
Reports

Overview

overview

Static

static

3

35f754da31...18.exe

windows7-x64

35f754da31...18.exe

windows10-2004-x64

Sharing

General

Target

35f754da3114d3bb47b31bf54394084f_JaffaCakes118
Size

820KB
Sample

241011-vwb18ayfkm
MD5

35f754da3114d3bb47b31bf54394084f
SHA1

5340ca0a0d3182ba2e3a5032a781ebbe47572406
SHA256

633620e0cb1988ec5000a6245f0e1e7ba86b2d75dd97599ef99d2faa5f88c875
SHA512

eb7cd523b688e9192d8010bead93d630da637859ca506d4af7a4208f48e57bfa33ef10abe804fd9bcd027754bf3053b5e9603d58999a743e9e3f0fa89790b7c3
SSDEEP

12288:FmTgU2kvaQ/UKC9WaMq8RdE5U0d9eBgUh/YBHK7z4zKbolL7F:FmTgUHlrfdE6a8gUh/bSKboH

Score

10^/10

snakekeylogger discovery evasion execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

35f754da3114d3bb47b31bf54394084f_JaffaCakes118.exe

Resource

win7-20241010-en

snakekeylogger discovery evasion execution keylogger stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

35f754da3114d3bb47b31bf54394084f_JaffaCakes118.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery evasion execution keylogger stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
webmail.patagoniachileadventures.com
Port:
25
Username:
[email protected]
Password:
12345
Email To:
[email protected]

Targets

- Target
  
  35f754da3114d3bb47b31bf54394084f_JaffaCakes118
- Size
  
  820KB
- MD5
  
  35f754da3114d3bb47b31bf54394084f
- SHA1
  
  5340ca0a0d3182ba2e3a5032a781ebbe47572406
- SHA256
  
  633620e0cb1988ec5000a6245f0e1e7ba86b2d75dd97599ef99d2faa5f88c875
- SHA512
  
  eb7cd523b688e9192d8010bead93d630da637859ca506d4af7a4208f48e57bfa33ef10abe804fd9bcd027754bf3053b5e9603d58999a743e9e3f0fa89790b7c3
- SSDEEP
  
  12288:FmTgU2kvaQ/UKC9WaMq8RdE5U0d9eBgUh/YBHK7z4zKbolL7F:FmTgUHlrfdE6a8gUh/bSKboH
Score

10^/10

snakekeylogger discovery evasion execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoveryevasionexecutionkeyloggerstealer

behavioral2

snakekeyloggerdiscoveryevasionexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy