snakekeylogger | ed38554e6ba513baec1a33967903263d06c6e131fbde04f80e2c315a81c113a2 | Triage

Submit
Reports

Overview

overview

Static

static

3

becd837131...18.exe

windows7-x64

becd837131...18.exe

windows10-2004-x64

Sharing

General

Target

becd8371316c6ce0003a3beb62b9b471_JaffaCakes118
Size

1.0MB
Sample

241203-xrkhxaypbx
MD5

becd8371316c6ce0003a3beb62b9b471
SHA1

a5a5d5ae8644cb30a56c81c9a6811e7b3e1c1aaa
SHA256

ed38554e6ba513baec1a33967903263d06c6e131fbde04f80e2c315a81c113a2
SHA512

81d9d71a3b83fcba2598d86a5abf910d76554f1a505b6d3d5bb3aa503b8b5e246ef4ff1431fe1eb6b96cc66370d790497bb7338350b71a0cb8546b89c1e87769
SSDEEP

12288:EBDxYG420tPMugAUMQTakbZ5mVzWT/jFjVWyBOCJOULzxHXjFX2KaFo8flk8q:EBD+320hgAcTZfHTrO9C1lZX

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

becd8371316c6ce0003a3beb62b9b471_JaffaCakes118.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

becd8371316c6ce0003a3beb62b9b471_JaffaCakes118.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
bh-16.webhostbox.net
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$
Email To:
[email protected]

Targets

- Target
  
  becd8371316c6ce0003a3beb62b9b471_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  becd8371316c6ce0003a3beb62b9b471
- SHA1
  
  a5a5d5ae8644cb30a56c81c9a6811e7b3e1c1aaa
- SHA256
  
  ed38554e6ba513baec1a33967903263d06c6e131fbde04f80e2c315a81c113a2
- SHA512
  
  81d9d71a3b83fcba2598d86a5abf910d76554f1a505b6d3d5bb3aa503b8b5e246ef4ff1431fe1eb6b96cc66370d790497bb7338350b71a0cb8546b89c1e87769
- SSDEEP
  
  12288:EBDxYG420tPMugAUMQTakbZ5mVzWT/jFjVWyBOCJOULzxHXjFX2KaFo8flk8q:EBD+320hgAcTZfHTrO9C1lZX
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy