snakekeylogger | b8fa22ad08fdaffe595e3a99a93332682853a3f20c16c2432ece2298b54a4c5f | Triage

Submit
Reports

Overview

overview

Static

static

3

04bd01c534...18.exe

windows7-x64

04bd01c534...18.exe

windows10-2004-x64

Sharing

General

Target

04bd01c5343cef0a9eb0f9809c38a6d2_JaffaCakes118
Size

529KB
Sample

240623-bse4xsxgnn
MD5

04bd01c5343cef0a9eb0f9809c38a6d2
SHA1

b328b14774af852bda4f2b920c0edd51fbde628c
SHA256

b8fa22ad08fdaffe595e3a99a93332682853a3f20c16c2432ece2298b54a4c5f
SHA512

28ed5053005752ce4ed9d9be418fc0291ac427a2852eabb17726e10c35ab1bb36e479b71b131ae8f3f4a2b4148e520f71c7e209465f23986f84d8102ab927c5e
SSDEEP

12288:jvaeRgxSr1xU+foFkTvDXZqoO4Mr1FyNEukjDw60cI1ocq5fAVL:jXTr3UbWDDXhO4M5F2kjkr

Score

10^/10

snakekeylogger execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

04bd01c5343cef0a9eb0f9809c38a6d2_JaffaCakes118.exe

Resource

win7-20240611-en

snakekeylogger execution keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

04bd01c5343cef0a9eb0f9809c38a6d2_JaffaCakes118.exe

Resource

win10v2004-20240611-en

snakekeylogger execution keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
Moneymatter@123
Email To:
[email protected]

Targets

- Target
  
  04bd01c5343cef0a9eb0f9809c38a6d2_JaffaCakes118
- Size
  
  529KB
- MD5
  
  04bd01c5343cef0a9eb0f9809c38a6d2
- SHA1
  
  b328b14774af852bda4f2b920c0edd51fbde628c
- SHA256
  
  b8fa22ad08fdaffe595e3a99a93332682853a3f20c16c2432ece2298b54a4c5f
- SHA512
  
  28ed5053005752ce4ed9d9be418fc0291ac427a2852eabb17726e10c35ab1bb36e479b71b131ae8f3f4a2b4148e520f71c7e209465f23986f84d8102ab927c5e
- SSDEEP
  
  12288:jvaeRgxSr1xU+foFkTvDXZqoO4Mr1FyNEukjDw60cI1ocq5fAVL:jXTr3UbWDDXhO4M5F2kjkr
Score

10^/10

snakekeylogger execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerexecutionkeyloggerstealer

behavioral2

snakekeyloggerexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy