snakekeylogger | b2b8c1c6f1b2f3765741c727f9b9995427669b972992e319522ad730201c6ea5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

INQ-2022-0...90.exe

windows7-x64

INQ-2022-0...90.exe

windows10-2004-x64

Sharing

General

Target

INQ-2022-09-21-AQI3N847211-INQ0290.exe
Size

931KB
Sample

220921-f9e8gafcd6
MD5

89116b990a62888ca7a5954fe8379519
SHA1

fe19acb68f0a658d817eb65da912829401bb940b
SHA256

b2b8c1c6f1b2f3765741c727f9b9995427669b972992e319522ad730201c6ea5
SHA512

95bd82d193d2d48b9ea54334faba1ec1a681e79c08064a38905d1286c3a2327d2d910a3e2e04f7cdadbb548ba7cb8bfb97440c2fa9e4bddc4c9fe8dbf39123fd
SSDEEP

12288:VcDL71G/fqBbLBWO5cb3JsgGEps3Mtn54TUa1f8edAY:2Df16fqtBub32qs+5va1Ndh

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

INQ-2022-09-21-AQI3N847211-INQ0290.exe

Resource

win7-20220812-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

INQ-2022-09-21-AQI3N847211-INQ0290.exe

Resource

win10v2004-20220812-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5453475689:AAEPtYkTq-8THTeKrYW8b68w6CGTVgKvmpM/sendMessage?chat_id=5798274961

Targets

- Target
  
  INQ-2022-09-21-AQI3N847211-INQ0290.exe
- Size
  
  931KB
- MD5
  
  89116b990a62888ca7a5954fe8379519
- SHA1
  
  fe19acb68f0a658d817eb65da912829401bb940b
- SHA256
  
  b2b8c1c6f1b2f3765741c727f9b9995427669b972992e319522ad730201c6ea5
- SHA512
  
  95bd82d193d2d48b9ea54334faba1ec1a681e79c08064a38905d1286c3a2327d2d910a3e2e04f7cdadbb548ba7cb8bfb97440c2fa9e4bddc4c9fe8dbf39123fd
- SSDEEP
  
  12288:VcDL71G/fqBbLBWO5cb3JsgGEps3Mtn54TUa1f8edAY:2Df16fqtBub32qs+5va1Ndh
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy