snakekeylogger | 5e38e3d0a442ea94f31e31b53084f904ab45661dc50c9abec49c0a016dea64a4 | Triage

Submit
Reports

Overview

overview

Static

static

3

(RFQ) - AT...ES.exe

windows7-x64

(RFQ) - AT...ES.exe

windows10-2004-x64

Sharing

General

Target

cc2bcba266b5fa7bccaf7592df6c1837_JaffaCakes118
Size

1.3MB
Sample

241206-k22hyswjgk
MD5

cc2bcba266b5fa7bccaf7592df6c1837
SHA1

dbe4c6ea084ebbc0f2263fe8bd1814cb6f87c759
SHA256

5e38e3d0a442ea94f31e31b53084f904ab45661dc50c9abec49c0a016dea64a4
SHA512

971a7503a35ddd1388bd486786ce30cd6bc10d8ac69fbfc910472cdf2efc05f4ca89127e7cfb6fcf5623a44aa69635eab03021d795957ccb182b68d86149ffe9
SSDEEP

12288:pZKKsn3qGaNHEyC9/oR9gy5FHK7zUXbmiE+JKTNAOhPI5l1yt8jKOhTNMxst1bHH:pZKKUPp9AR95yAivxtwlwdgMxGp9

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

(RFQ) - ATTIQ - 10230-2413_TEMPORARY CONSTRUCTION FACILITIES.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

(RFQ) - ATTIQ - 10230-2413_TEMPORARY CONSTRUCTION FACILITIES.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.fireacoustics.com
Port:
587
Username:
[email protected]
Password:
_d:rzD~62Jxh
Email To:
[email protected]

Targets

- Target
  
  (RFQ) - ATTIQ - 10230-2413_TEMPORARY CONSTRUCTION FACILITIES.exe
- Size
  
  768KB
- MD5
  
  519f9833658acf4cbfc0139b990f1411
- SHA1
  
  0067b543a25625c4ebe64e633fbc4a5fb927045d
- SHA256
  
  e61a3b81de7fce074598eb722f5d11e2ccd26032eadfc0d7f2170b03e02a2b79
- SHA512
  
  c498c9edb4b3f22970614c6402dfde64bc857c273199913f3c2adfa4882c8dc9e46af1d491fed0157705954f3f3593a69b0ee1b158b8460c93001533914b9802
- SSDEEP
  
  12288:HZKKsn3qGaNHEyC9/oR9gy5FHK7zUXbmiE+JKTNAOhPI5l1yt8jKOhTNMxst1bHH:HZKKUPp9AR95yAivxtwlwdgMxGp9
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy