snakekeylogger | 01d37601fd50c088f9be3cc2395e9f9ef3ffe3aee282147d0ebdd3bce0866cae | Triage

Submit
Reports

Overview

overview

Static

static

3

BE-IZ-Q-12...AL.exe

windows7-x64

BE-IZ-Q-12...AL.exe

windows10-2004-x64

Sharing

General

Target

878df7fd8ec553ff54eb7fae9d8cdba8_JaffaCakes118
Size

1.9MB
Sample

241102-y8gn1svbqf
MD5

878df7fd8ec553ff54eb7fae9d8cdba8
SHA1

34dafcba5eb9995522969dbeefbfbd94328de240
SHA256

01d37601fd50c088f9be3cc2395e9f9ef3ffe3aee282147d0ebdd3bce0866cae
SHA512

f4ac9a750d8db07bdd7be4cd27e9c279b36c8d205680b78848f95bfa6a1511b4505fa9ebb6744316457a6bde424cc6f2e5fdc90f4ff5cd8e9b06f6bb83ed3ad7
SSDEEP

12288:+C3hpINYoA3P1/GyjcOgHf4uvP9H539XKfalV7T2fXOk/HmUVppUuEVCHo:+CTIN7EZVjcZHf4YbN6UV7T2fXOvOQ

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BE-IZ-Q-1278-21 - COMMERCIAL.exe

Resource

win7-20240708-en

snakekeylogger discovery keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

BE-IZ-Q-1278-21 - COMMERCIAL.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.fireacoustics.com
Port:
587
Username:
[email protected]
Password:
_d:rzD~62Jxh
Email To:
[email protected]

Targets

- Target
  
  BE-IZ-Q-1278-21 - COMMERCIAL.exe
- Size
  
  1.3MB
- MD5
  
  9c032d7fbfdfe2064f850a9f2f0cfcaa
- SHA1
  
  81633e6bb46148fff7f81330c5ca43b055f17be0
- SHA256
  
  522ef9da580292e5ef0de44c4c3522f8f4fea1f4248467ff66a7d638be7a305c
- SHA512
  
  50df0bb3764e014c1cdb888c5984a2c0b8439be232e90eacceeb9a517354456858a4327b0194da72facddafb4a4ace377340e54eb0919d3c2a8bf46d3d15cda7
- SSDEEP
  
  12288:MC3hpINYoA3P1/GyjcOgHf4uvP9H539XKfalV7T2fXOk/HmUVppUuEVCHo:MCTIN7EZVjcZHf4YbN6UV7T2fXOvOQ
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy