snakekeylogger | af5672497085dd27560917db1b83a913296d5335f898351a0eeab452644af109 | Triage

Submit
Reports

Overview

overview

Static

static

3

a82c79fde9...18.exe

windows7-x64

a82c79fde9...18.exe

windows10-2004-x64

Sharing

General

Target

a82c79fde94745923161d70e357087af_JaffaCakes118
Size

738KB
Sample

241127-razcvawmfv
MD5

a82c79fde94745923161d70e357087af
SHA1

71cae27fb4a10eab6c50dedb02d625d80596a540
SHA256

af5672497085dd27560917db1b83a913296d5335f898351a0eeab452644af109
SHA512

c4abbd062ed2b02354eb001e9e7578c6998731abcb40de849e67f02717099331630255501ae55a628f175e624972ae71f0b5119677c5585c3e44406959499ae6
SSDEEP

12288:6sroE0DGsAqEFjc7q5yxww3jC6gYEQoWmi/EQyaUVKnp:OEuGdnqAyxP3GiEhWmi/Oahp

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a82c79fde94745923161d70e357087af_JaffaCakes118.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a82c79fde94745923161d70e357087af_JaffaCakes118.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: ftp
Host:
ftp://ftp.ecurs.ro/
Port:
21
Username:
[email protected]
Password:
dGZ5eznXv76y

Targets

- Target
  
  a82c79fde94745923161d70e357087af_JaffaCakes118
- Size
  
  738KB
- MD5
  
  a82c79fde94745923161d70e357087af
- SHA1
  
  71cae27fb4a10eab6c50dedb02d625d80596a540
- SHA256
  
  af5672497085dd27560917db1b83a913296d5335f898351a0eeab452644af109
- SHA512
  
  c4abbd062ed2b02354eb001e9e7578c6998731abcb40de849e67f02717099331630255501ae55a628f175e624972ae71f0b5119677c5585c3e44406959499ae6
- SSDEEP
  
  12288:6sroE0DGsAqEFjc7q5yxww3jC6gYEQoWmi/EQyaUVKnp:OEuGdnqAyxP3GiEhWmi/Oahp
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy