snakekeylogger | 9eb40372237691f70f98fd3b46e040131d0e1144e62a79ce3709f4ed786907e0 | Triage

Submit
Reports

Overview

overview

Static

static

1

INV 002000-2023.exe

windows7-x64

INV 002000-2023.exe

windows10-2004-x64

Sharing

General

Target

INV 002000-2023.exe
Size

1.1MB
Sample

230208-w4xhkadd6x
MD5

e6a3824b28ef184b23ccca2f28dca151
SHA1

b6bd15342f2842f7a27b96fced186c3fbe003daf
SHA256

9eb40372237691f70f98fd3b46e040131d0e1144e62a79ce3709f4ed786907e0
SHA512

26d6d5d5adfab6a89a9dba91cafabadfbe210fd635606a3b451eab089355335b85f027b148f092382f249c85cd3b8c16be31310957b078aaccd0bc55423dabe2
SSDEEP

12288:1DdNuif+9gLHHPrpg6+R4cSbEX7ULxMtwprXauFRovStpBmfYx58QVC6gnu5242H:HNuiWGLHHPrpg6+R4K9gpgwoTnjBT

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

INV 002000-2023.exe

Resource

win7-20220901-en

snakekeylogger collection keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

INV 002000-2023.exe

Resource

win10v2004-20220812-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5434559816:AAEK4UyY4a6PcJctHP2Ip_JJDu3VHM5TgBU/sendMessage?chat_id=935548406

Targets

- Target
  
  INV 002000-2023.exe
- Size
  
  1.1MB
- MD5
  
  e6a3824b28ef184b23ccca2f28dca151
- SHA1
  
  b6bd15342f2842f7a27b96fced186c3fbe003daf
- SHA256
  
  9eb40372237691f70f98fd3b46e040131d0e1144e62a79ce3709f4ed786907e0
- SHA512
  
  26d6d5d5adfab6a89a9dba91cafabadfbe210fd635606a3b451eab089355335b85f027b148f092382f249c85cd3b8c16be31310957b078aaccd0bc55423dabe2
- SSDEEP
  
  12288:1DdNuif+9gLHHPrpg6+R4cSbEX7ULxMtwprXauFRovStpBmfYx58QVC6gnu5242H:HNuiWGLHHPrpg6+R4K9gpgwoTnjBT
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy