snakekeylogger | 7d6908ae43fb741400ac24a976de03ee6e72a8a306e3fdea805aa4257fb93f1b | Triage

Submit
Reports

Overview

overview

Static

static

3

63f484e36e...18.exe

windows7-x64

63f484e36e...18.exe

windows10-2004-x64

Sharing

General

Target

63f484e36e6533bce2a47bd946486c83_JaffaCakes118
Size

1.3MB
Sample

241020-ycrjcaybnj
MD5

63f484e36e6533bce2a47bd946486c83
SHA1

8815f16a19e0f8c29587b241e635ddb66a0d54ea
SHA256

7d6908ae43fb741400ac24a976de03ee6e72a8a306e3fdea805aa4257fb93f1b
SHA512

a35cc546c2c49dce9441e3888474bb206262915bd7df81395d7085fa99ef7f6092b61f0a1c0a3669abcc8c0d8e6a8c67633475d3e1cec244220263e7c3b0bd62
SSDEEP

24576:zlVpguGi7f2lUAa6fUSCl8NOzx6UbW63+sV98VnUE+7nunaIYPrK:zjaGfNA3fUSClpxl53+sV98VqnunaI42

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

63f484e36e6533bce2a47bd946486c83_JaffaCakes118.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

63f484e36e6533bce2a47bd946486c83_JaffaCakes118.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.coolingsolution.ly
Port:
587
Username:
[email protected]
Password:
0922126259Gofran
Email To:
[email protected]

Targets

- Target
  
  63f484e36e6533bce2a47bd946486c83_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  63f484e36e6533bce2a47bd946486c83
- SHA1
  
  8815f16a19e0f8c29587b241e635ddb66a0d54ea
- SHA256
  
  7d6908ae43fb741400ac24a976de03ee6e72a8a306e3fdea805aa4257fb93f1b
- SHA512
  
  a35cc546c2c49dce9441e3888474bb206262915bd7df81395d7085fa99ef7f6092b61f0a1c0a3669abcc8c0d8e6a8c67633475d3e1cec244220263e7c3b0bd62
- SSDEEP
  
  24576:zlVpguGi7f2lUAa6fUSCl8NOzx6UbW63+sV98VnUE+7nunaIYPrK:zjaGfNA3fUSClpxl53+sV98VqnunaI42
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy