snakekeylogger | b8216cdc194ab1f82820fc2a29ca63af3a1f3e6b80102ab658c1ee33b7dd68da | Triage

Submit
Reports

Overview

overview

Static

static

8d38003a1a...bb.exe

windows7-x64

8d38003a1a...bb.exe

windows10-2004-x64

Sharing

General

Target

8d38003a1a35790a116f039a0998f4bb
Size

842KB
Sample

221202-axf2caah91
MD5

8d38003a1a35790a116f039a0998f4bb
SHA1

094eff2ab11ae19699d7dc5c22bab0429beb50bb
SHA256

b8216cdc194ab1f82820fc2a29ca63af3a1f3e6b80102ab658c1ee33b7dd68da
SHA512

e11cd051e9c91e58ba0f9d3ae8c498d8aa4993e5d27f97aac78e7a7529e370cfff4fa6a05cdb3084100144702a064bcbc03bc55793ebe2d432ea0ba7815cd07d
SSDEEP

12288:7OeRWLigAwR4cLGtwpmD3U25D6uMlpwnm/g8AdLn8DE2dgCOWDC2xVmsrKa:1sAhcLGOpi6pwnmgdLn8D1O72qmKa

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

8d38003a1a35790a116f039a0998f4bb.exe

Resource

win7-20221111-en

snakekeylogger collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d38003a1a35790a116f039a0998f4bb.exe

Resource

win10v2004-20221111-en

snakekeylogger keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5484820495:AAGEjy8dT72vJZImmHLmeh3onMuG9LLRD5A/sendMessage?chat_id=5101327412

Targets

- Target
  
  8d38003a1a35790a116f039a0998f4bb
- Size
  
  842KB
- MD5
  
  8d38003a1a35790a116f039a0998f4bb
- SHA1
  
  094eff2ab11ae19699d7dc5c22bab0429beb50bb
- SHA256
  
  b8216cdc194ab1f82820fc2a29ca63af3a1f3e6b80102ab658c1ee33b7dd68da
- SHA512
  
  e11cd051e9c91e58ba0f9d3ae8c498d8aa4993e5d27f97aac78e7a7529e370cfff4fa6a05cdb3084100144702a064bcbc03bc55793ebe2d432ea0ba7815cd07d
- SSDEEP
  
  12288:7OeRWLigAwR4cLGtwpmD3U25D6uMlpwnm/g8AdLn8DE2dgCOWDC2xVmsrKa:1sAhcLGOpi6pwnmgdLn8D1O72qmKa
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2025

Terms | Privacy