snakekeylogger | 846cf3836da3c05c0d9cc5b5061028294660b1349c44dbf0788d1ccbd837bb6e | Triage

Submit
Reports

Overview

overview

Static

static

1

IFS0076545...56.exe

windows7-x64

1

IFS0076545...56.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

IFS0076545678-98765456.exe
Size

1.6MB
Sample

230215-qxefhsbf9t
MD5

bb757ad37313ea9480c3b22460ea8749
SHA1

895ded88ec53c39eb247b746535befbfdeaaf1e8
SHA256

846cf3836da3c05c0d9cc5b5061028294660b1349c44dbf0788d1ccbd837bb6e
SHA512

46e30dc7b59b7c3f44bd870a95263cb2d1fae276ab9ca220dd83b8872bc9de362940c44033650443c97ebd5f8d0ceba192af3ad818a696a8ff97f0895200e10a
SSDEEP

12288:gSO4asKoAeMYbjVGLRa5+79GpAhBDA4VGMeGE+tRaZn/+YgIr6gO/aXcz3GTMNIG:9eoAeMOjVG9m2O+Np8eche8R9oKEd

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

IFS0076545678-98765456.exe

Resource

win7-20221111-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

IFS0076545678-98765456.exe

Resource

win10v2004-20221111-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.sienkakupeste.com
Port:
587
Username:
[email protected]
Password:
010203sienka++
Email To:
[email protected]

Targets

- Target
  
  IFS0076545678-98765456.exe
- Size
  
  1.6MB
- MD5
  
  bb757ad37313ea9480c3b22460ea8749
- SHA1
  
  895ded88ec53c39eb247b746535befbfdeaaf1e8
- SHA256
  
  846cf3836da3c05c0d9cc5b5061028294660b1349c44dbf0788d1ccbd837bb6e
- SHA512
  
  46e30dc7b59b7c3f44bd870a95263cb2d1fae276ab9ca220dd83b8872bc9de362940c44033650443c97ebd5f8d0ceba192af3ad818a696a8ff97f0895200e10a
- SSDEEP
  
  12288:gSO4asKoAeMYbjVGLRa5+79GpAhBDA4VGMeGE+tRaZn/+YgIr6gO/aXcz3GTMNIG:9eoAeMOjVG9m2O+Np8eche8R9oKEd
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy