snakekeylogger | 9d6c737ffe3b5886f36b9883b3019361fc286845616dc9a757dde4b78901239b | Triage

Submit
Reports

Overview

overview

Static

static

3

08e24a3d68...18.exe

windows7-x64

08e24a3d68...18.exe

windows10-2004-x64

Sharing

General

Target

08e24a3d689c7c7a9f4a1d29015be51b_JaffaCakes118
Size

1.2MB
Sample

240624-q4nyjaydrp
MD5

08e24a3d689c7c7a9f4a1d29015be51b
SHA1

0e314c8fcdfbc88521ddfc80b2984f3d587a982b
SHA256

9d6c737ffe3b5886f36b9883b3019361fc286845616dc9a757dde4b78901239b
SHA512

e9c654a054f7c29eab65cefcbc85e1dcdc3feefba28200bfca856b0751b350cb732e147b500038b476ac8f646afe5ba535a08a069feda2d75e3c45c34a9bee6e
SSDEEP

12288:vJ3X8mSiH1rKl/yLrXoWbd7elD3E7SvE2mvnVfP3ByxbE/wT1eNG:vJllVrKlyLrXoUL7SvOvBZyG45

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

08e24a3d689c7c7a9f4a1d29015be51b_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

08e24a3d689c7c7a9f4a1d29015be51b_JaffaCakes118.exe

Resource

win10v2004-20240508-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: ftp
Host:
ftp://bitrix370.timeweb.ru/
Port:
21
Username:
cn94754
Password:
c2eitfpidhgS

Targets

- Target
  
  08e24a3d689c7c7a9f4a1d29015be51b_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  08e24a3d689c7c7a9f4a1d29015be51b
- SHA1
  
  0e314c8fcdfbc88521ddfc80b2984f3d587a982b
- SHA256
  
  9d6c737ffe3b5886f36b9883b3019361fc286845616dc9a757dde4b78901239b
- SHA512
  
  e9c654a054f7c29eab65cefcbc85e1dcdc3feefba28200bfca856b0751b350cb732e147b500038b476ac8f646afe5ba535a08a069feda2d75e3c45c34a9bee6e
- SSDEEP
  
  12288:vJ3X8mSiH1rKl/yLrXoWbd7elD3E7SvE2mvnVfP3ByxbE/wT1eNG:vJllVrKlyLrXoUL7SvOvBZyG45
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy