snakekeylogger | 47e8a43a5dfcefe4d6850764bb413ffeab6724be3a37620853b686c9fb23db34 | Triage

Submit
Reports

Overview

overview

Static

static

1

clip_image001.exe

windows7-x64

clip_image001.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

clip_image001.exe
Size

411KB
Sample

230323-gtrf8sdh78
MD5

0600fd383dfdc1c13eec78c11c9a848d
SHA1

f26e1ed9f1e4a926e613de202318652cdba076ec
SHA256

47e8a43a5dfcefe4d6850764bb413ffeab6724be3a37620853b686c9fb23db34
SHA512

f5b3492f4e0694f541f08b2979f2e7c68ddb399df7fafdf29bed08e7fc11ed2fe87dc2b803658ea40c424026b38b373ac859d25cd8a116924417a0adb74ae244
SSDEEP

6144:8BeMoZqMFv+k0Q8It5gUqJ3PrYx4ePqAeHdKLAdXKEPHihu:ioZqMpB0Qwn3seeuKLAvf0u

Score

10^/10

snakekeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

clip_image001.exe

Resource

win7-20230220-en

snakekeylogger collection discovery keylogger stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

clip_image001.exe

Resource

win10v2004-20230220-en

snakekeylogger collection discovery keylogger stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.eversafe.pt
Port:
587
Username:
[email protected]
Password:
Ev3rsaf3_2021
Email To:
[email protected]

Targets

- Target
  
  clip_image001.exe
- Size
  
  411KB
- MD5
  
  0600fd383dfdc1c13eec78c11c9a848d
- SHA1
  
  f26e1ed9f1e4a926e613de202318652cdba076ec
- SHA256
  
  47e8a43a5dfcefe4d6850764bb413ffeab6724be3a37620853b686c9fb23db34
- SHA512
  
  f5b3492f4e0694f541f08b2979f2e7c68ddb399df7fafdf29bed08e7fc11ed2fe87dc2b803658ea40c424026b38b373ac859d25cd8a116924417a0adb74ae244
- SSDEEP
  
  6144:8BeMoZqMFv+k0Q8It5gUqJ3PrYx4ePqAeHdKLAdXKEPHihu:ioZqMpB0Qwn3seeuKLAvf0u
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerstealer

behavioral2

snakekeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy