snakekeylogger | 49e595816d745be34ae53202b5839e72a30d7245321003fe7a37e1d99508695e | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...24.exe

windows7-x64

JaffaCakes...24.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_1eada844f6d267f4451b9ffa8eba6624
Size

244KB
Sample

250106-mnmhzswqgk
MD5

1eada844f6d267f4451b9ffa8eba6624
SHA1

11144faece06eb2b3c9c7e19ac3c170b66a351f7
SHA256

49e595816d745be34ae53202b5839e72a30d7245321003fe7a37e1d99508695e
SHA512

1ae7d108ea5e92b4959de64702710d8f9941bff341c3d389d5cf54f1eec1d54697de9eee5d65c0e23f9be34700bde582d2b77577fb3ee811a2c7cf950dd9d726
SSDEEP

6144:ngbDaX+pQ7uDe2bQD3g+UP/hry30vBEZTJ:nghpleCQD3g+UP/sB

Score

10^/10

snakekeylogger discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_1eada844f6d267f4451b9ffa8eba6624.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger persistence stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_1eada844f6d267f4451b9ffa8eba6624.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger persistence stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.efinancet.shop
Port:
587
Username:
[email protected]
Password:
EmeN]m^8=-oI
Email To:
[email protected]

Targets

- Target
  
  JaffaCakes118_1eada844f6d267f4451b9ffa8eba6624
- Size
  
  244KB
- MD5
  
  1eada844f6d267f4451b9ffa8eba6624
- SHA1
  
  11144faece06eb2b3c9c7e19ac3c170b66a351f7
- SHA256
  
  49e595816d745be34ae53202b5839e72a30d7245321003fe7a37e1d99508695e
- SHA512
  
  1ae7d108ea5e92b4959de64702710d8f9941bff341c3d389d5cf54f1eec1d54697de9eee5d65c0e23f9be34700bde582d2b77577fb3ee811a2c7cf950dd9d726
- SSDEEP
  
  6144:ngbDaX+pQ7uDe2bQD3g+UP/hry30vBEZTJ:nghpleCQD3g+UP/sB
Score

10^/10

snakekeylogger discovery keylogger persistence stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerpersistencestealer

behavioral2

snakekeyloggerdiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy