snakekeylogger | 53947d3249013c415585a4bd2ed6f31415f98fa69d50e1720d13c381157a75d4 | Triage

Submit
Reports

Overview

overview

Static

static

fishcom2021,2022.exe

windows7-x64

fishcom2021,2022.exe

windows10-2004-x64

Sharing

General

Target

fishcom2021,2022.zip
Size

428KB
Sample

221018-h13nhsehb5
MD5

d92d722bb448707226a238747a3f6ba4
SHA1

efc809f6858a3c468aa518d17a619229d0999b6f
SHA256

53947d3249013c415585a4bd2ed6f31415f98fa69d50e1720d13c381157a75d4
SHA512

b00354a9be5a6f79867f5f661ed4cc5568a069da2b9878468f433c5566bef44589a2b6e8eb517c5e45e93d936c98d58b556055fb7da64c2f5b68bc82d45e7933
SSDEEP

12288:Q7evVWHTHt/hP+Cki1wcbfrv/mhqUXkSStUDkAb6fgRsw:Q7CVWHps0TryXIMkwyw

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

fishcom2021,2022.exe

Resource

win7-20220901-en

snakekeylogger collection keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fishcom2021,2022.exe

Resource

win10v2004-20220812-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5495243543:AAG3XPeGW7yqfXF6_EXjGSfO9SWHJTpqVsU/sendMessage?chat_id=1128973051

Targets

- Target
  
  fishcom2021,2022.exe
- Size
  
  523KB
- MD5
  
  424fe253270dbe031875b067634575e7
- SHA1
  
  94b9e195ccd190243f01e8370f640bf3fee30791
- SHA256
  
  2395d7c0f0f0a4034de2b9371519d95ca14bbb81d74afdd44111a1a5eb7497d6
- SHA512
  
  b47327a18ed3ee69928885f09c60b2f1d935e64ddfd7c2426932f8ad168cbedd077aa7cb42c8e4bbaaa518b5f3a7bf2ab81e32e79afd72082f46ee5bc7678f1a
- SSDEEP
  
  12288:R2o+Wxx9D/h5+CKi1web3rH5mhOUhM2llGytUDkAOb:f+Wxri+LrK5lZMkJ
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy