snakekeylogger | f15ec425e485e8d7ba7f0939b04601703476ece780e8cfdaac7eae825fe80bdf | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

PO 732001_pdf.exe

windows7-x64

PO 732001_pdf.exe

windows10-2004-x64

Sharing

General

Target

PO 732001_pdf_1.zip
Size

316KB
Sample

230209-samjqagd66
MD5

7be383da5833e73337eba28bfa755023
SHA1

7380c813d3c5eddf37fee85ddc9c6de34417a61c
SHA256

f15ec425e485e8d7ba7f0939b04601703476ece780e8cfdaac7eae825fe80bdf
SHA512

54fc544ff802a846bbe3656f0a598f86e72932a6796c85fe744d7fb4ce41cd7d61097459eed0c14827ee7da9867c71202a3ed99b89c681f98304f240a42b7e7d
SSDEEP

6144:Ei80bZ5G0tVu5KXbPMPxGCXwgv7d3BKCfRj81b8yVe3NP99e:s0bptIKXbPMPoCX3B+rA3Ni

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

PO 732001_pdf.exe

Resource

win7-20221111-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO 732001_pdf.exe

Resource

win10v2004-20221111-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6010601014:AAE_RJm-2igP99_YnmRQZ_TajH6dCuBx6CI/sendMessage?chat_id=869301167

Targets

- Target
  
  PO 732001_pdf.exe
- Size
  
  710KB
- MD5
  
  16518717490a9378b8ce9e4398c22bba
- SHA1
  
  94199ea9d1227a495d09fc77a63088d25829b022
- SHA256
  
  7bcce65d6166d096b69e5cd5e4a1e6a3991ff77aed3495da1af2b4f9ecbeef93
- SHA512
  
  c9d94d712ee5039ac8833140fe5e107d87aa12644a411429d21dccf1b18d61fa6c727b04f3238050c18501df20afafdcddf81c554f8e13ac1ce9fdcdbce86522
- SSDEEP
  
  12288:/UNSgr0oFGV/nMA1uSx8AevTsff0a8Gt3w8sqz4XRKyghCS09QPi/4mJoHpqf2wt:/UtwfTo1f7wCtxzfJGY
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2025

Terms | Privacy