snakekeylogger | 27acd040d5654910a0b865eb5f9aef8f1dd8b646d8301023b7021089702aaaf4 | Triage

Submit
Reports

Overview

overview

Static

static

1

7c0662078b...d5.exe

windows7-x64

7c0662078b...d5.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

7c0662078b41306675a32002a64a5dd5.exe
Size

490KB
Sample

230206-kzeamsda24
MD5

7c0662078b41306675a32002a64a5dd5
SHA1

5c327905044b8bf4e145a108efc6f87776647c01
SHA256

27acd040d5654910a0b865eb5f9aef8f1dd8b646d8301023b7021089702aaaf4
SHA512

378b6c9be84b6fa86a6c990acbc7146b3fbeff05533967956fc62f829b9dd42e9c77fe9b98afcdd68e7bf8d63a39df1637ef9d751b02cc26d8ad1d5d8f83f0fc
SSDEEP

6144:3MN3jkmK9BCR91894QvU1nMP3onm4w7EAv/2b+2EUtKWRLffb9gpga7qAD4GiB:3MJjgCj1PMnPNhv12R5RLffb2pgmqFG

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

7c0662078b41306675a32002a64a5dd5.exe

Resource

win7-20221111-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7c0662078b41306675a32002a64a5dd5.exe

Resource

win10v2004-20221111-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6076066461:AAFcrftn4bgQApdtfr9nDQVneglOzbFaFZ4/sendMessage?chat_id=1225679122

Targets

- Target
  
  7c0662078b41306675a32002a64a5dd5.exe
- Size
  
  490KB
- MD5
  
  7c0662078b41306675a32002a64a5dd5
- SHA1
  
  5c327905044b8bf4e145a108efc6f87776647c01
- SHA256
  
  27acd040d5654910a0b865eb5f9aef8f1dd8b646d8301023b7021089702aaaf4
- SHA512
  
  378b6c9be84b6fa86a6c990acbc7146b3fbeff05533967956fc62f829b9dd42e9c77fe9b98afcdd68e7bf8d63a39df1637ef9d751b02cc26d8ad1d5d8f83f0fc
- SSDEEP
  
  6144:3MN3jkmK9BCR91894QvU1nMP3onm4w7EAv/2b+2EUtKWRLffb9gpga7qAD4GiB:3MJjgCj1PMnPNhv12R5RLffb2pgmqFG
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy