snakekeylogger | 4ade79259ddc557d6b0abf68de4b5fbe61e532db6eae5b29ef30e3a71bbf17e2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

SecuriteIn...32.exe

windows7-x64

SecuriteIn...32.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Variant.Barys.51118.16839.28532.exe
Size

514KB
Sample

221027-sk6eksced6
MD5

1dd7da1e3f984e629949dcaec89447e1
SHA1

fb41c0f5106735929a44f8cee8fb65a7bf152d9d
SHA256

4ade79259ddc557d6b0abf68de4b5fbe61e532db6eae5b29ef30e3a71bbf17e2
SHA512

1b44e4544c9f03bc8d677fa37209bd40ebf6b188c1d8703c679886253fb759dcdaf51c32426389b19f32141cecb279ce7d7b106de287bd9863ee5911a641e653
SSDEEP

12288:kmAsXGV66h7Jos3QLmMSh+4deSE+NxM9dDfZH:y/sLkhQ8Nxu

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Variant.Barys.51118.16839.28532.exe

Resource

win7-20220812-en

snakekeylogger collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Variant.Barys.51118.16839.28532.exe

Resource

win10v2004-20220812-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5542941782:AAFlsn_FCfYT7D_ZthXK_Udd4a15AE58_Wg/sendMessage?chat_id=2054148913

Targets

- Target
  
  SecuriteInfo.com.Variant.Barys.51118.16839.28532.exe
- Size
  
  514KB
- MD5
  
  1dd7da1e3f984e629949dcaec89447e1
- SHA1
  
  fb41c0f5106735929a44f8cee8fb65a7bf152d9d
- SHA256
  
  4ade79259ddc557d6b0abf68de4b5fbe61e532db6eae5b29ef30e3a71bbf17e2
- SHA512
  
  1b44e4544c9f03bc8d677fa37209bd40ebf6b188c1d8703c679886253fb759dcdaf51c32426389b19f32141cecb279ce7d7b106de287bd9863ee5911a641e653
- SSDEEP
  
  12288:kmAsXGV66h7Jos3QLmMSh+4deSE+NxM9dDfZH:y/sLkhQ8Nxu
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy