snakekeylogger | a877d4ad09c9afc5bb5880913fd98fcf6989f390685bbd50b7f6acca864d0f44 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

KvlzN7SaEJQgetq.exe

windows7-x64

KvlzN7SaEJQgetq.exe

windows10-2004-x64

Sharing

General

Target

KvlzN7SaEJQgetq.exe
Size

840KB
Sample

221206-s535ysbc47
MD5

bfd1be3c1b51983177c7ec0769816da1
SHA1

10d8ccd2ab82a7c98494b25667b66628fc4487d2
SHA256

a877d4ad09c9afc5bb5880913fd98fcf6989f390685bbd50b7f6acca864d0f44
SHA512

b91ddbbc428d2ee9e9607b5b5d7f8303dc4dbaa6f086da3df76bc85a8ef34f534423fa6e95aa70fbc6e5c023c84a4388e28f8123e6a71e3a99260b663304b15a
SSDEEP

12288:pyvlqU+EegGqZN+2eM2gvX88uT3zVgVn7r95f0bRHwAxxGBH5Ddzoa1cfN:IvdeRqbPeS/83zCV7hN0FxABH5DdEPf

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

KvlzN7SaEJQgetq.exe

Resource

win7-20220901-en

snakekeylogger collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

KvlzN7SaEJQgetq.exe

Resource

win10v2004-20220812-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5527276937:AAFXPayV6BQ7JPPGsD5rUkKZ4cn3m-d_W-0/sendMessage?chat_id=5582419717

Targets

- Target
  
  KvlzN7SaEJQgetq.exe
- Size
  
  840KB
- MD5
  
  bfd1be3c1b51983177c7ec0769816da1
- SHA1
  
  10d8ccd2ab82a7c98494b25667b66628fc4487d2
- SHA256
  
  a877d4ad09c9afc5bb5880913fd98fcf6989f390685bbd50b7f6acca864d0f44
- SHA512
  
  b91ddbbc428d2ee9e9607b5b5d7f8303dc4dbaa6f086da3df76bc85a8ef34f534423fa6e95aa70fbc6e5c023c84a4388e28f8123e6a71e3a99260b663304b15a
- SSDEEP
  
  12288:pyvlqU+EegGqZN+2eM2gvX88uT3zVgVn7r95f0bRHwAxxGBH5Ddzoa1cfN:IvdeRqbPeS/83zCV7hN0FxABH5DdEPf
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy