snakekeylogger | 4ab6d78c4846a801d11c6263585e0154d8e610fcdaeb123ef91c819cc7c76cd4 | Triage

Submit
Reports

Overview

overview

Static

static

1

hesapharek...DF.exe

windows7-x64

hesapharek...DF.exe

windows10-2004-x64

Sharing

General

Target

hesaphareketi-01.PDF.exe
Size

531KB
Sample

230414-grf8gsge49
MD5

5b31501232583da35ea20ab826cef71c
SHA1

33f1c8bc3af1f99f919f9451f19c0539f3a452ea
SHA256

4ab6d78c4846a801d11c6263585e0154d8e610fcdaeb123ef91c819cc7c76cd4
SHA512

9c35d03400d2e8bccfa158f066d378e9b3befae46c68164f7e69a15690e5434cfd6eefb6462415a2bbb7d374e3c529ba618de66d7f14302af8f4976ae7a9e10e
SSDEEP

12288:PDXrEhB3zhZQ1FJeIYgCvZmQSIJI6nYJ6k3:PCB3zhZaeBpvVNGNE

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

hesaphareketi-01.PDF.exe

Resource

win7-20230220-en

snakekeylogger keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

hesaphareketi-01.PDF.exe

Resource

win10v2004-20230221-en

snakekeylogger keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5972904963:AAH_L0Z1BaWpBDyPhmUAMb5yVXWF00k11jk/sendMessage?chat_id=5334267822

Targets

- Target
  
  hesaphareketi-01.PDF.exe
- Size
  
  531KB
- MD5
  
  5b31501232583da35ea20ab826cef71c
- SHA1
  
  33f1c8bc3af1f99f919f9451f19c0539f3a452ea
- SHA256
  
  4ab6d78c4846a801d11c6263585e0154d8e610fcdaeb123ef91c819cc7c76cd4
- SHA512
  
  9c35d03400d2e8bccfa158f066d378e9b3befae46c68164f7e69a15690e5434cfd6eefb6462415a2bbb7d374e3c529ba618de66d7f14302af8f4976ae7a9e10e
- SSDEEP
  
  12288:PDXrEhB3zhZQ1FJeIYgCvZmQSIJI6nYJ6k3:PCB3zhZaeBpvVNGNE
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2025

Terms | Privacy