snakekeylogger | 7a7dc0189995af994c3c59cae4bbedfcfe3092eda5c504f55128677b0473cdf0

General

Target

JaffaCakes118_7a7dc0189995af994c3c59cae4bbedfcfe3092eda5c504f55128677b0473cdf0
Size

536KB
Sample

241221-wr35ksvqfv
MD5

7dfd390f16ff73cc9b6e69c90539cd60
SHA1

dc96f3a03bb3d64c7919228fde53e92f59147ae6
SHA256

7a7dc0189995af994c3c59cae4bbedfcfe3092eda5c504f55128677b0473cdf0
SHA512

e42fd61598bf34dcd57eb1dac2df64e4ddb58d2828263764c6f9d3059f50e06fae09e7a5f00394868830bd715d72e4d8445b5c8f1756a13208c0bbd256f16507
SSDEEP

12288:HWSnIPPjXKgGI3kGtEdqw6idCN/Bg/Ps/Lqjne7TDnzJyld4w:2SIPPn9UojpioM/Pmqje7TRM4w

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5273407003:AAG7ZG43PS1FZDrj0gADw0sr_lYis0K5EYU/sendMessage?chat_id=2028572980

Targets

- Target
  
  6f7b96dc7619ee8771b4bcfd5728662eae5ef1757ffd5dca70c956270e8a47b9
- Size
  
  832KB
- MD5
  
  11baa64935e201698da47d9e22ccc5c5
- SHA1
  
  c6dc3e1f3b9860e8eba2795f274e4b2b37ec8279
- SHA256
  
  6f7b96dc7619ee8771b4bcfd5728662eae5ef1757ffd5dca70c956270e8a47b9
- SHA512
  
  67651f66919cbe911315ba1302a42c0ddc710d5e71cde1ea70b13f54f92d29c8c901b632eba3df4b1347307ea7dbbe62c7870fb819f4bf4c08c912236ca9bec7
- SSDEEP
  
  12288:T3EuqeV0GZFFywMkIUP6Oi8m67UPn0wht0JWw42IqqPym8nRl8z:T3EucwMkHPaeCTt07LPbg
Score

10^/10

snakekeylogger collection credential_access discovery keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2