snakekeylogger | a186d098f99b61a1324320f36aa4cad9df64d0352543e4179be075d2dab6ee5a | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...46.exe

windows7-x64

SecuriteIn...46.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.MSIL.Kryptik.EOY.tr.9446.exe
Size

833KB
Sample

220915-gdgl4afgam
MD5

e41e078e3b2fc9148a47941d3dc27bf4
SHA1

73e23c1b9abababda08f1819cee3ef1c44e48137
SHA256

a186d098f99b61a1324320f36aa4cad9df64d0352543e4179be075d2dab6ee5a
SHA512

09af934e96d85bd0b4b0a63fe3f5bfcd8328388df2f701e078a11bd4b0fff536b673213a00bb69e82f4884fb11169e9e9179eade0362705c1dbb5b1f28b77833
SSDEEP

12288:wUfwLR8lylSx1F4Y6sNhaU2msS1x+eWMfurLYF0C3onSNMfqFTMbEJtaFCOw8gSL:wUfwmltnsL5MIYFJ+D87PaFjNjrb

Score

10^/10

snakekeylogger collection evasion keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.MSIL.Kryptik.EOY.tr.9446.exe

Resource

win7-20220901-en

snakekeylogger collection evasion keylogger stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.MSIL.Kryptik.EOY.tr.9446.exe

Resource

win10v2004-20220812-en

snakekeylogger collection evasion keylogger stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.rinc.in
Port:
587
Username:
[email protected]
Password:
easter@499
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.MSIL.Kryptik.EOY.tr.9446.exe
- Size
  
  833KB
- MD5
  
  e41e078e3b2fc9148a47941d3dc27bf4
- SHA1
  
  73e23c1b9abababda08f1819cee3ef1c44e48137
- SHA256
  
  a186d098f99b61a1324320f36aa4cad9df64d0352543e4179be075d2dab6ee5a
- SHA512
  
  09af934e96d85bd0b4b0a63fe3f5bfcd8328388df2f701e078a11bd4b0fff536b673213a00bb69e82f4884fb11169e9e9179eade0362705c1dbb5b1f28b77833
- SSDEEP
  
  12288:wUfwLR8lylSx1F4Y6sNhaU2msS1x+eWMfurLYF0C3onSNMfqFTMbEJtaFCOw8gSL:wUfwmltnsL5MIYFJ+D87PaFjNjrb
Score

10^/10

snakekeylogger collection evasion keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionevasionkeyloggerstealer

behavioral2

snakekeyloggercollectionevasionkeyloggerstealer

© 2018-2025

Terms | Privacy