snakekeylogger | 0aca8e757450257b435be941b91b79bedc38d9b25be3a60b10a52aec61a158a8 | Triage

Submit
Reports

Overview

overview

Static

static

1

Order_PROF...ON.exe

windows7-x64

Order_PROF...ON.exe

windows10-2004-x64

Sharing

General

Target

Order_PROFORMA150223_DOCUMENTACION.exe
Size

420KB
Sample

230323-g9sdgaga3v
MD5

2e7d0cf4cec98345f5c0a37b41a4ec28
SHA1

e93e2ffbce12cdfbc2da6fa985a2b4cf934ca756
SHA256

0aca8e757450257b435be941b91b79bedc38d9b25be3a60b10a52aec61a158a8
SHA512

0397f3a3d40b51eed45495f2a20537d620be0599e59b4716951c91736c349a95aa0c9c133f8ffa8098e858b7ff014be64dcc389c29841e9c40171b42e84d6185
SSDEEP

12288:ioZqMpB0QfDg1a8+kDCyram5H0naXmpf0v:iosMOQfDg1a8+kDCm0nppf0v

Score

10^/10

snakekeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Order_PROFORMA150223_DOCUMENTACION.exe

Resource

win7-20230220-en

snakekeylogger collection discovery keylogger stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Order_PROFORMA150223_DOCUMENTACION.exe

Resource

win10v2004-20230220-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.eversafe.pt
Port:
587
Username:
[email protected]
Password:
Ev3rsaf3_2021
Email To:
[email protected]

Targets

- Target
  
  Order_PROFORMA150223_DOCUMENTACION.exe
- Size
  
  420KB
- MD5
  
  2e7d0cf4cec98345f5c0a37b41a4ec28
- SHA1
  
  e93e2ffbce12cdfbc2da6fa985a2b4cf934ca756
- SHA256
  
  0aca8e757450257b435be941b91b79bedc38d9b25be3a60b10a52aec61a158a8
- SHA512
  
  0397f3a3d40b51eed45495f2a20537d620be0599e59b4716951c91736c349a95aa0c9c133f8ffa8098e858b7ff014be64dcc389c29841e9c40171b42e84d6185
- SSDEEP
  
  12288:ioZqMpB0QfDg1a8+kDCyram5H0naXmpf0v:iosMOQfDg1a8+kDCm0nppf0v
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy