snakekeylogger | 2fd10a5668dd0db96cccfa34d4c16e63cbc65c62cd5475b22168f46b787ce559 | Triage

Submit
Reports

Overview

overview

Static

static

3

fe8e419597...18.exe

windows7-x64

fe8e419597...18.exe

windows10-2004-x64

Sharing

General

Target

fe8e4195973d2d1b1ba23a61a69b28e3_JaffaCakes118
Size

615KB
Sample

241219-frvkfazrgq
MD5

fe8e4195973d2d1b1ba23a61a69b28e3
SHA1

d9ee20bf46437de7e9cc4b08c0937b5811949a73
SHA256

2fd10a5668dd0db96cccfa34d4c16e63cbc65c62cd5475b22168f46b787ce559
SHA512

8fad8495e14ad02498f149fd3ac8a82b582a86dce6d5f6c5d0f8f39e8c7b7b610ff9d66b39b2786653974a87122fb8681308cfe0ffa50240da5d3ddec3c4a8a1
SSDEEP

12288:TK5YF12sAqcOsEVQocfu0fpzyejlurXZ6Xdxbr3CKtsMgar2p7NmeNJ:TKMh0d5DN1W7

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fe8e4195973d2d1b1ba23a61a69b28e3_JaffaCakes118.exe

Resource

win7-20240729-en

snakekeylogger discovery keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fe8e4195973d2d1b1ba23a61a69b28e3_JaffaCakes118.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
werv(WE9
Email To:
[email protected]

Targets

- Target
  
  fe8e4195973d2d1b1ba23a61a69b28e3_JaffaCakes118
- Size
  
  615KB
- MD5
  
  fe8e4195973d2d1b1ba23a61a69b28e3
- SHA1
  
  d9ee20bf46437de7e9cc4b08c0937b5811949a73
- SHA256
  
  2fd10a5668dd0db96cccfa34d4c16e63cbc65c62cd5475b22168f46b787ce559
- SHA512
  
  8fad8495e14ad02498f149fd3ac8a82b582a86dce6d5f6c5d0f8f39e8c7b7b610ff9d66b39b2786653974a87122fb8681308cfe0ffa50240da5d3ddec3c4a8a1
- SSDEEP
  
  12288:TK5YF12sAqcOsEVQocfu0fpzyejlurXZ6Xdxbr3CKtsMgar2p7NmeNJ:TKMh0d5DN1W7
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy