snakekeylogger | 853384b95098ae2591328fad181230b71e49dc55935af66056d6e505500ab8fa

General

Target

JaffaCakes118_3059cf89548babd7f883f6669403711b
Size

464KB
Sample

250106-vwglpsslhx
MD5

3059cf89548babd7f883f6669403711b
SHA1

7c97d773f230f63eb7669370611986cd5c92f03a
SHA256

853384b95098ae2591328fad181230b71e49dc55935af66056d6e505500ab8fa
SHA512

6fefb43ceff9794466a4f88d98cc2a0e9fac47c8c9be2f3e0237da3e0302d2bdc2afbfe9fbb272bbe155423013411c9b09e13e9479a9ac9014b8d26fb3ed4b21
SSDEEP

12288:j4C8+ZqG3cAh/AT6yTMXgxyEl36ctAoikdgZ:rzcG3jh/ATryEl33yugZ

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_3059cf89548babd7f883f6669403711b
- Size
  
  464KB
- MD5
  
  3059cf89548babd7f883f6669403711b
- SHA1
  
  7c97d773f230f63eb7669370611986cd5c92f03a
- SHA256
  
  853384b95098ae2591328fad181230b71e49dc55935af66056d6e505500ab8fa
- SHA512
  
  6fefb43ceff9794466a4f88d98cc2a0e9fac47c8c9be2f3e0237da3e0302d2bdc2afbfe9fbb272bbe155423013411c9b09e13e9479a9ac9014b8d26fb3ed4b21
- SSDEEP
  
  12288:j4C8+ZqG3cAh/AT6yTMXgxyEl36ctAoikdgZ:rzcG3jh/ATryEl33yugZ
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/oezmnaybrma.dll
- Size
  
  20KB
- MD5
  
  e3e7ada7af7f7560a909eee23348cce6
- SHA1
  
  8d41ded7481ee7f95816515c367116782932ef13
- SHA256
  
  cba0d722c1e33b61881ac05c0db2cf088dd9702e76df979ab40f8c0dc1c053ab
- SHA512
  
  8f80d8cc74c0add6a92fc4a3549db2633a1c71e10e192f12ca8fd8f223a99455f24d2aab441d3dce3fddd789b769b446613991cb54906deacc930e2f7e8d46f0
- SSDEEP
  
  384:h8fmk9RJD7f+aPjoZ357iLezOo9qkT/4:h8flRJOZmBoE
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Loads dropped DLL

Looks up external IP address via web service

Suspicious use of SetThreadContext

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Blocklisted process makes network request

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4