snakekeylogger | 6657fc401ddcb3ffdbe0d45b7850f9a2bccef46d42469b825cd890557a351693 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Product List.exe

windows7-x64

9

Product List.exe

windows10-2004-x64

Sharing

General

Target

Product List.exe
Size

211KB
Sample

220926-hfr2aabaaj
MD5

16b097f9953854b7f1c0c046ec34d366
SHA1

1cd3ff8497afb31a9ba5280ef0d8d939689ea597
SHA256

6657fc401ddcb3ffdbe0d45b7850f9a2bccef46d42469b825cd890557a351693
SHA512

43f6313cd2831b9885c7eb851b1ed97743904e7e2d444acacddfb69388beb1743a2f931a115524270d953d5255bc0558bdf5ca22308e3d714205482c3f6f8230
SSDEEP

1536:FOW5VXt2AfixzZ/widSImSU969OSuzrX:FOAQw09qX

Score

10^/10

snakekeylogger collection discovery keylogger persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

Product List.exe

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Product List.exe

Resource

win10v2004-20220812-en

snakekeylogger collection keylogger persistence stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.stilltech.ro
Port:
587
Username:
[email protected]
Password:
eurobit555ro
Email To:
[email protected]

Targets

- Target
  
  Product List.exe
- Size
  
  211KB
- MD5
  
  16b097f9953854b7f1c0c046ec34d366
- SHA1
  
  1cd3ff8497afb31a9ba5280ef0d8d939689ea597
- SHA256
  
  6657fc401ddcb3ffdbe0d45b7850f9a2bccef46d42469b825cd890557a351693
- SHA512
  
  43f6313cd2831b9885c7eb851b1ed97743904e7e2d444acacddfb69388beb1743a2f931a115524270d953d5255bc0558bdf5ca22308e3d714205482c3f6f8230
- SSDEEP
  
  1536:FOW5VXt2AfixzZ/widSImSU969OSuzrX:FOAQw09qX
Score

10^/10

discovery snakekeylogger collection keylogger persistence stealer
- Modifies WinLogon for persistence
  persistence
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerpersistencestealer

© 2018-2025

Terms | Privacy