snakekeylogger | d10c9083a3d3d9be335be359663a84e78c71ed45d660a17a0c9106d7c0f94473 | Triage

Submit
Reports

Overview

overview

Static

static

3

0876ca498a...18.exe

windows7-x64

0876ca498a...18.exe

windows10-2004-x64

7

$PLUGINSDI...pw.dll

windows7-x64

$PLUGINSDI...pw.dll

windows10-2004-x64

3

Sharing

General

Target

0876ca498a685cef7a18e10ce2507770_JaffaCakes118
Size

580KB
Sample

240624-php32a1gpg
MD5

0876ca498a685cef7a18e10ce2507770
SHA1

fdef9951c2efd96aac0a959ce1f7cadf0c81a81f
SHA256

d10c9083a3d3d9be335be359663a84e78c71ed45d660a17a0c9106d7c0f94473
SHA512

94b28c9d6fec38700c8e770b777fb044b35f1ecffd3ba64a4ad71456546827ef5fd7f9361728f4755eccd92ccb5f71ffe759d0aa689d6f558acf52120fabf050
SSDEEP

12288:ysKR0tv4eYbw9cEtu/s8xcPWcw2dXaYcrajdzniZFQEobFj8E7EI+dR:PKRU1KwDLWz2Xo2VclmPF+dR

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0876ca498a685cef7a18e10ce2507770_JaffaCakes118.exe

Resource

win7-20240508-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0876ca498a685cef7a18e10ce2507770_JaffaCakes118.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/mdprekfxpw.dll

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/mdprekfxpw.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  0876ca498a685cef7a18e10ce2507770_JaffaCakes118
- Size
  
  580KB
- MD5
  
  0876ca498a685cef7a18e10ce2507770
- SHA1
  
  fdef9951c2efd96aac0a959ce1f7cadf0c81a81f
- SHA256
  
  d10c9083a3d3d9be335be359663a84e78c71ed45d660a17a0c9106d7c0f94473
- SHA512
  
  94b28c9d6fec38700c8e770b777fb044b35f1ecffd3ba64a4ad71456546827ef5fd7f9361728f4755eccd92ccb5f71ffe759d0aa689d6f558acf52120fabf050
- SSDEEP
  
  12288:ysKR0tv4eYbw9cEtu/s8xcPWcw2dXaYcrajdzniZFQEobFj8E7EI+dR:PKRU1KwDLWz2Xo2VclmPF+dR
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/mdprekfxpw.dll
- Size
  
  30KB
- MD5
  
  efb0b671be2543b0546371edebf02512
- SHA1
  
  18f2872f1ea713401f39418dc378a4c67ca89040
- SHA256
  
  5a4c2e67502068e7f97f7efc85d507bc703cf9fe505ff65624407f5a1aa057f0
- SHA512
  
  a97ca190be64a35d28bf98a27ef786489da871a113786f7eba3bf6faf302fa04e7b2c87d3decc5f4f12273ddc59a6285b0ea500af173e073929048300d11b76b
- SSDEEP
  
  768:iYYsBQJDh7wN4Ce1k95WuPO8P9se1J4+iGTMDsJzqk0UNKC:ioBQJD6LPO8P9fC+iFsJvNb
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

behavioral3

snakekeyloggerkeyloggerstealer

behavioral4

© 2018-2024

Terms | Privacy