snakekeylogger | ee344829b2ce25fc5bc242f1bb747cd201f4c7e9ef10d1e98c556110419197ab | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...c2.exe

windows7-x64

JaffaCakes...c2.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_60100f98d7ccafbbe110e377ae3e17c2
Size

630KB
Sample

250107-njp9rayqbv
MD5

60100f98d7ccafbbe110e377ae3e17c2
SHA1

6aa77517f474e945f81db1df8b45bea5e8917593
SHA256

ee344829b2ce25fc5bc242f1bb747cd201f4c7e9ef10d1e98c556110419197ab
SHA512

2e78bbdecf8911c832bce5e50d34da4c3b0f26616e98f49d60b2373b9849eca0ae1722be36f672e930ff79b5764fe4acbb1e03c9dce8cbfd242f87dbe387a06e
SSDEEP

12288:HkqhQKetZiE5xkfEikfxxluSNuEuJIz15p5uvZcy8jJ4xzVq/:hLeSQbfvuEcIt

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_60100f98d7ccafbbe110e377ae3e17c2.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_60100f98d7ccafbbe110e377ae3e17c2.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
iwRaBVG6
Email To:
[email protected]

C2

https://api.telegram.org/bot1649974165:AAEw6GzBFS7fcRG392_tbbCihTBzve7azV0/sendMessage?chat_id=1684569143

Targets

- Target
  
  JaffaCakes118_60100f98d7ccafbbe110e377ae3e17c2
- Size
  
  630KB
- MD5
  
  60100f98d7ccafbbe110e377ae3e17c2
- SHA1
  
  6aa77517f474e945f81db1df8b45bea5e8917593
- SHA256
  
  ee344829b2ce25fc5bc242f1bb747cd201f4c7e9ef10d1e98c556110419197ab
- SHA512
  
  2e78bbdecf8911c832bce5e50d34da4c3b0f26616e98f49d60b2373b9849eca0ae1722be36f672e930ff79b5764fe4acbb1e03c9dce8cbfd242f87dbe387a06e
- SSDEEP
  
  12288:HkqhQKetZiE5xkfEikfxxluSNuEuJIz15p5uvZcy8jJ4xzVq/:hLeSQbfvuEcIt
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy