snakekeylogger | f8f07bd1186be13a4fd113537b6d361b5279b1d25f7adbf874e5c6ced9c3f91a | Triage

Submit
Reports

Overview

overview

Static

static

3

c748fef026...18.exe

windows7-x64

c748fef026...18.exe

windows10-2004-x64

Sharing

General

Target

c748fef02603811b9e3b1b280d9a6519_JaffaCakes118
Size

806KB
Sample

241205-mm74aswqcr
MD5

c748fef02603811b9e3b1b280d9a6519
SHA1

dc970ef5af401b895b3d3e5fd5b040dc227cebda
SHA256

f8f07bd1186be13a4fd113537b6d361b5279b1d25f7adbf874e5c6ced9c3f91a
SHA512

88081a59c0181056929203020930dd0682c367cadf45f2a0077ba40a8db3d5dcd170825d19d72c045298499198042272b3d367029d2071a2c1809d84500ace09
SSDEEP

12288:H1KFn3qGaNHEyC9/oR9gy5FHK7znXj1jvXpMjku9uiahDlXu27MbV+Hllo:H1KVPp9AR95yzXj1zXskdisM/kllo

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c748fef02603811b9e3b1b280d9a6519_JaffaCakes118.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c748fef02603811b9e3b1b280d9a6519_JaffaCakes118.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
send.one.com
Port:
587
Username:
[email protected]
Password:
btRhqDDqbQXOw2SC
Email To:
[email protected]

Targets

- Target
  
  c748fef02603811b9e3b1b280d9a6519_JaffaCakes118
- Size
  
  806KB
- MD5
  
  c748fef02603811b9e3b1b280d9a6519
- SHA1
  
  dc970ef5af401b895b3d3e5fd5b040dc227cebda
- SHA256
  
  f8f07bd1186be13a4fd113537b6d361b5279b1d25f7adbf874e5c6ced9c3f91a
- SHA512
  
  88081a59c0181056929203020930dd0682c367cadf45f2a0077ba40a8db3d5dcd170825d19d72c045298499198042272b3d367029d2071a2c1809d84500ace09
- SSDEEP
  
  12288:H1KFn3qGaNHEyC9/oR9gy5FHK7znXj1jvXpMjku9uiahDlXu27MbV+Hllo:H1KVPp9AR95yzXj1zXskdisM/kllo
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy