snakekeylogger | d490bd61375c25efaddd9a36af960dd992579604dc88d92bcc71c4f9d49e8a63 | Triage

Submit
Reports

Overview

overview

Static

static

KONTOAUSZUG.exe

windows7-x64

KONTOAUSZUG.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

8193136387.zip
Size

528KB
Sample

221017-1cvbcadefm
MD5

7829d7c31d95883eb24da159ee1659cd
SHA1

85601794f668c27d8293a770b30034424c06c4dd
SHA256

d490bd61375c25efaddd9a36af960dd992579604dc88d92bcc71c4f9d49e8a63
SHA512

2c72e630afe230f6a4ef8eae5c71424bc23e3bced4a68715c0af628146cb149dfe8b8322433c1ec0081e5322ff274a0bf8c492bbeb8a976e0c94d6504bc72682
SSDEEP

12288:s+XAqBBKHNnp4lbRnM0VJvtDN9ZYns1qP4txmx0DmlR0Y:sE6naM0VJFpAHWS

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

KONTOAUSZUG.exe

Resource

win7-20220901-en

snakekeylogger collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

KONTOAUSZUG.exe

Resource

win10v2004-20220812-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.hemegas.es
Port:
587
Username:
[email protected]
Password:
@Bastilipo1
Email To:
[email protected]

Targets

- Target
  
  KONTOAUSZUG.exe
- Size
  
  977KB
- MD5
  
  d2cecb5ca24b52f42ab10f141803bdc5
- SHA1
  
  cb5abef80978595bbae8cddd5d4273e52a59e82f
- SHA256
  
  611bc0e5de938f59f15f13b650ed7e2bfaa4cbec4226809b7fa66a045056bfa0
- SHA512
  
  152be36c9632f8a2bec24216b6bc40b56460ededb1451a97e303b409141c87cac40a9dfc597173468ace2f13351b8650ba845a1c0a6efccdd815dd1bfec9186d
- SSDEEP
  
  12288:eglVT2sZhzcDT0cJUobAu2/Gx2KG7rjFsYK4HTN:BlV6s/c30cuAt2hKe
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy