snakekeylogger | 1bad27962e547d124508b0d4cf410099897016d06a60ef51badf5fb67b95771e | Triage

Submit
Reports

Overview

overview

Static

static

3

4ff5e0533b...18.exe

windows7-x64

4ff5e0533b...18.exe

windows10-2004-x64

Sharing

General

Target

4ff5e0533b3d8e8bd3dcf3de18e02fd8_JaffaCakes118
Size

536KB
Sample

241017-a6pd3ssgla
MD5

4ff5e0533b3d8e8bd3dcf3de18e02fd8
SHA1

01b43477d3412a248d23c7c3a832b0e085547ef0
SHA256

1bad27962e547d124508b0d4cf410099897016d06a60ef51badf5fb67b95771e
SHA512

7aa3750a60c334c5a94a7aed749177731863cc680a856b5f59aae3747ff90c4b22a5f7fb469e13b73b9a9dd078cc2444a5d1e0654b04028d5d9611d85680d131
SSDEEP

12288:p9NTD2ltlodV8B80yyHcGS3bIYw18mloELLtd/zvTxBHxFno8:q5flRT

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4ff5e0533b3d8e8bd3dcf3de18e02fd8_JaffaCakes118.exe

Resource

win7-20240729-en

snakekeylogger discovery keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ff5e0533b3d8e8bd3dcf3de18e02fd8_JaffaCakes118.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1740221425:AAEOVM7H7MhKkyXcbjQXPID2QnxGYTTnqCY/sendMessage?chat_id=1482312326

Targets

- Target
  
  4ff5e0533b3d8e8bd3dcf3de18e02fd8_JaffaCakes118
- Size
  
  536KB
- MD5
  
  4ff5e0533b3d8e8bd3dcf3de18e02fd8
- SHA1
  
  01b43477d3412a248d23c7c3a832b0e085547ef0
- SHA256
  
  1bad27962e547d124508b0d4cf410099897016d06a60ef51badf5fb67b95771e
- SHA512
  
  7aa3750a60c334c5a94a7aed749177731863cc680a856b5f59aae3747ff90c4b22a5f7fb469e13b73b9a9dd078cc2444a5d1e0654b04028d5d9611d85680d131
- SSDEEP
  
  12288:p9NTD2ltlodV8B80yyHcGS3bIYw18mloELLtd/zvTxBHxFno8:q5flRT
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy