snakekeylogger | b4fab30e3e48d0b9f565b1ba0aeb34a9c340bc67e71b34cc24a96224ad2577e2

General

Target

JaffaCakes118_b4fab30e3e48d0b9f565b1ba0aeb34a9c340bc67e71b34cc24a96224ad2577e2
Size

289KB
Sample

241225-rbp6kavlhj
MD5

f3b19bc7454f0585e6016d94d7d8821c
SHA1

393b27819acc6aed94aff07fd5a3e19debe3723d
SHA256

b4fab30e3e48d0b9f565b1ba0aeb34a9c340bc67e71b34cc24a96224ad2577e2
SHA512

3033a859bad3aec036aa6bab5fd1a12c915352f4dfaba7f1d80ed43c1a282e6793bc06167799286211d10d17c6e5484d60c079ce45dc698a3259bf0780b6528d
SSDEEP

6144:qEkBva/Ua7M5So2ZhO8rsG+Q00v0Amre9MgQQWU61yqpSjOqc4:qEkxa/Ua7M5R2ZhXs+mS91QQt6g6SyqF

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5231087432:AAGpDNiylOvJ21KejYNZPyeLSQa-u4GJlU4/sendMessage?chat_id=1474445387

Targets

- Target
  
  a52d9b136a8a439dab2da1d870ab2a75d2847817191bc785e3894c95b9c9eff7
- Size
  
  414KB
- MD5
  
  7df48a735cf653a7cdfafdacfa18e9fe
- SHA1
  
  8392410562ae6bb1d8792f7e82cc78d334136c10
- SHA256
  
  a52d9b136a8a439dab2da1d870ab2a75d2847817191bc785e3894c95b9c9eff7
- SHA512
  
  a3721db0f5abfed191975bac48d7d10f0ee34304e2384080fdb501b7ff45bbb9f58d805103c1fb340ae28e799befd49f4723548a1ca83cbbcc66d21518ee11c3
- SSDEEP
  
  6144:Hg0GgLaOwh3biYqc0kpScxhBryo0aVJchfoWUC8Qr+1vFZnyBTgwLr4h6/qA2ur:A0GgLCh3b/msfurawWq8Ntu/J
Score

10^/10

snakekeylogger defense_evasion discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- System Binary Proxy Execution: InstallUtil
  Abuse InstallUtil to proxy execution of malicious code.
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

System Binary Proxy Execution

1

T1218

InstallUtil

1

T1218.004

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

System Binary Proxy Execution: InstallUtil

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2