snakekeylogger | d6293a2da7e53b870b97ca497274f16b4b0b9914a85ad3164cf78e3bc8ed1d00 | Triage

Submit
Reports

Overview

overview

Static

static

3

17c0f0568b...18.exe

windows7-x64

17c0f0568b...18.exe

windows10-2004-x64

Sharing

General

Target

17c0f0568b37daf4eb22b40d7ce8c332_JaffaCakes118
Size

337KB
Sample

240627-2b9v3sxbpm
MD5

17c0f0568b37daf4eb22b40d7ce8c332
SHA1

6902fca8b77184af631591fbe5656501d14b3a90
SHA256

d6293a2da7e53b870b97ca497274f16b4b0b9914a85ad3164cf78e3bc8ed1d00
SHA512

595edf00a0578320c4b8d40039432cd5333a31d3348e5231c4742b03b71ae5b289aea38d9fae29a7b05a75f0069c90c030d605ebc03142605e7fbe975d422fd1
SSDEEP

6144:ldtAlERQ+3HwOOcogjPmGUgJmK4RN0sTA1a4dRBwYYSw0NG49PEirheLhhF0:lOESoGgyGx4w1ayNV7e9hG

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

17c0f0568b37daf4eb22b40d7ce8c332_JaffaCakes118.exe

Resource

win7-20240611-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

17c0f0568b37daf4eb22b40d7ce8c332_JaffaCakes118.exe

Resource

win10v2004-20240508-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.sacauto.co.za
Port:
587
Username:
[email protected]
Password:
#R0797967613
Email To:
[email protected]

Targets

- Target
  
  17c0f0568b37daf4eb22b40d7ce8c332_JaffaCakes118
- Size
  
  337KB
- MD5
  
  17c0f0568b37daf4eb22b40d7ce8c332
- SHA1
  
  6902fca8b77184af631591fbe5656501d14b3a90
- SHA256
  
  d6293a2da7e53b870b97ca497274f16b4b0b9914a85ad3164cf78e3bc8ed1d00
- SHA512
  
  595edf00a0578320c4b8d40039432cd5333a31d3348e5231c4742b03b71ae5b289aea38d9fae29a7b05a75f0069c90c030d605ebc03142605e7fbe975d422fd1
- SSDEEP
  
  6144:ldtAlERQ+3HwOOcogjPmGUgJmK4RN0sTA1a4dRBwYYSw0NG49PEirheLhhF0:lOESoGgyGx4w1ayNV7e9hG
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy