snakekeylogger | 308d35bb3ca43fcc7d90af3fec74badcc3974b1298fcab3ba53bbf2d9ae572cb | Triage

Submit
Reports

Overview

overview

Static

static

3

a26569f5c8...18.exe

windows7-x64

a26569f5c8...18.exe

windows10-2004-x64

Sharing

General

Target

a26569f5c842151dd41e7b498c3702d4_JaffaCakes118
Size

908KB
Sample

241126-rmdxns1lcl
MD5

a26569f5c842151dd41e7b498c3702d4
SHA1

41dd9d842f2d22a3700101989833275bf561dd20
SHA256

308d35bb3ca43fcc7d90af3fec74badcc3974b1298fcab3ba53bbf2d9ae572cb
SHA512

deae2172a5ecf73623a24b8a7be716d1fc5e4cdd439b7ab5a0ea9d529b909e3a59f1e8e508efe8f4459be478c8985a46a4b774fcdcc86b4f5daf219c6c701b8b
SSDEEP

12288:ainHKvVxzBVfdF61gT/h7+V7qcEWMVM47wYjXglSghu2zXBYhL1OHK7zf5OWi+Cc:azVlBHFUQZ+VjVMVzbXglpXB8xFsI

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a26569f5c842151dd41e7b498c3702d4_JaffaCakes118.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a26569f5c842151dd41e7b498c3702d4_JaffaCakes118.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  a26569f5c842151dd41e7b498c3702d4_JaffaCakes118
- Size
  
  908KB
- MD5
  
  a26569f5c842151dd41e7b498c3702d4
- SHA1
  
  41dd9d842f2d22a3700101989833275bf561dd20
- SHA256
  
  308d35bb3ca43fcc7d90af3fec74badcc3974b1298fcab3ba53bbf2d9ae572cb
- SHA512
  
  deae2172a5ecf73623a24b8a7be716d1fc5e4cdd439b7ab5a0ea9d529b909e3a59f1e8e508efe8f4459be478c8985a46a4b774fcdcc86b4f5daf219c6c701b8b
- SSDEEP
  
  12288:ainHKvVxzBVfdF61gT/h7+V7qcEWMVM47wYjXglSghu2zXBYhL1OHK7zf5OWi+Cc:azVlBHFUQZ+VjVMVzbXglpXB8xFsI
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy