snakekeylogger | b68c7b0dc7a0332119c733dd3882921ac9dd04e649bf16250552f5923ddab76e | Triage

Sharing

General

Target

JaffaCakes118_b68c7b0dc7a0332119c733dd3882921ac9dd04e649bf16250552f5923ddab76e
Size

563KB
Sample

241226-tr7rnazrcp
MD5

71549fae1097d906f6484da7a55bbd6c
SHA1

322449a6be1d6ec698f16284559cbe739de58516
SHA256

b68c7b0dc7a0332119c733dd3882921ac9dd04e649bf16250552f5923ddab76e
SHA512

60f6f6b0df2307ee34f6f88b3600ba66433511ad85383377388c3d4c08c0ba01f6ccad1f3d758e329a372498ed711872e9a88bf2b085a3454df9f9218f5992ed
SSDEEP

12288:jrU16Seh3mfZWqKfP/Ov/jzbqLfQVTZTRn2skdeqAjvHkff2uN05:fU19eBmkqKfQ/jzaQ3RnQYfkff2005

Score

10^/10

snakekeylogger discovery keylogger stealer

Malware Config

Targets

- Target
  
  d8fc9092bda462febd606eb7aa814bf92ea0f316fd05856cf8fa39a173ccf5dc
- Size
  
  576KB
- MD5
  
  52dfa0efff6239c012df3aa4885738e9
- SHA1
  
  289abb9973ad604135eda9c233a0d4d8804d8b33
- SHA256
  
  d8fc9092bda462febd606eb7aa814bf92ea0f316fd05856cf8fa39a173ccf5dc
- SHA512
  
  c7d74fedfc0a30e91450b6b778c621567b9c14272c64e1489b6ce7e74c1fa997d414fb044f95cfdf230851246d298ee9b4d102b009093b46ee275309375b1818
- SSDEEP
  
  12288:HNlrrAUo+7LsgRhNYIIYwl+4RPf+02VZn6EBpbEXNoC7x7DRYWL4:HNl/A0cIHYIIrU4RPf+xH6mpgXNovb
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  kqxnamcagu.exe
- Size
  
  65KB
- MD5
  
  633e7a3ed0d7a1e1e1404dc9117403b5
- SHA1
  
  c4bab081edcdf7964f2e9887240138df65ff9fe8
- SHA256
  
  def2b6e18e46018ecda8107b333f24c5fd3f58582d17eadde6d448889db5151e
- SHA512
  
  79b497b3ec5d11777d458f88ced2ae2dd41124385c479ac8a8cf9b48903f0c389f111b785e08980dce0f4e59ca1cdf3237c2ce409fe1b4237669de139eabc1b6
- SSDEEP
  
  768:b8MWcPnCTvP25D6T5WfbKFb1/7ZJ3u/tl09MbtSUpi3gqNKtc8WQcJf5sWjcdUVP:AgeOh6NUbe/91AtGUc85crsWjcdUZ
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

behavioral3

behavioral4