snakekeylogger | d6d15d2505b10290bc12a11dad3f85f8ba055aad43c9a573158fe7e5a32bc0d2 | Triage

Submit
Reports

Overview

overview

Static

static

3

96abc0b6ea...18.exe

windows7-x64

96abc0b6ea...18.exe

windows10-2004-x64

Sharing

General

Target

96abc0b6ea526451ba3a16aefd2828c6_JaffaCakes118
Size

824KB
Sample

241124-xvxmmsvjct
MD5

96abc0b6ea526451ba3a16aefd2828c6
SHA1

0f98c70acfbea63ea49d868e70d8d12ac9d03a9a
SHA256

d6d15d2505b10290bc12a11dad3f85f8ba055aad43c9a573158fe7e5a32bc0d2
SHA512

5712a06812e3a7b0b7913f1b92cb6cbccc5a5c0c1f579a6b887fe3f809b1392d75ecba413bbe17109145965a701e8214cae283fae28f668d1f56c4813837e120
SSDEEP

24576:XslKPp9AR95SBCIut9KKWVwLCSp9BXSmaWUmWKx:NPpKRSBwtXqwWSpnSmaW

Score

10^/10

snakekeylogger discovery evasion keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

96abc0b6ea526451ba3a16aefd2828c6_JaffaCakes118.exe

Resource

win7-20240903-en

snakekeylogger discovery evasion keylogger stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

96abc0b6ea526451ba3a16aefd2828c6_JaffaCakes118.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery evasion keylogger stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.ylmzgrup.com
Port:
587
Username:
[email protected]
Password:
2015Bmws1000rr
Email To:
[email protected]

Targets

- Target
  
  96abc0b6ea526451ba3a16aefd2828c6_JaffaCakes118
- Size
  
  824KB
- MD5
  
  96abc0b6ea526451ba3a16aefd2828c6
- SHA1
  
  0f98c70acfbea63ea49d868e70d8d12ac9d03a9a
- SHA256
  
  d6d15d2505b10290bc12a11dad3f85f8ba055aad43c9a573158fe7e5a32bc0d2
- SHA512
  
  5712a06812e3a7b0b7913f1b92cb6cbccc5a5c0c1f579a6b887fe3f809b1392d75ecba413bbe17109145965a701e8214cae283fae28f668d1f56c4813837e120
- SSDEEP
  
  24576:XslKPp9AR95SBCIut9KKWVwLCSp9BXSmaWUmWKx:NPpKRSBwtXqwWSpnSmaW
Score

10^/10

snakekeylogger discovery evasion keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoveryevasionkeyloggerstealer

behavioral2

snakekeyloggerdiscoveryevasionkeyloggerstealer

© 2018-2024

Terms | Privacy