snakekeylogger | cc138ced1fbc3fd146c76a8ab520bc6e436b84a4cd26542e8d75ae57c435511d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

5ae16d5f8e...79.exe

windows7-x64

5ae16d5f8e...79.exe

windows10-2004-x64

Sharing

General

Target

5ae16d5f8eae9b63068ad5a08a311179.exe
Size

637KB
Sample

230424-rnewcscc85
MD5

5ae16d5f8eae9b63068ad5a08a311179
SHA1

4189bf7a6fe8473395ee5814ca19a5aa70a20158
SHA256

cc138ced1fbc3fd146c76a8ab520bc6e436b84a4cd26542e8d75ae57c435511d
SHA512

774ecae4f72e9535c2bea549aa73c3a3872a772aff01924f52d1f7975a5f3039d75506b8c7956599eb028e2e10096e8b0a47c6232d355f3872a5c5215e4ac296
SSDEEP

12288:opGBO5ZZC/W2n9wl/mbORAuDSRB6okvdT1lPQiowic/7:mGqTC/fW/tRAu+RJk1RlPPse

Score

10^/10

snakekeylogger stormkitty collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

5ae16d5f8eae9b63068ad5a08a311179.exe

Resource

win7-20230220-en

snakekeylogger stormkitty collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

5ae16d5f8eae9b63068ad5a08a311179.exe

Resource

win10v2004-20230220-en

snakekeylogger stormkitty collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6102267622:AAFFZ_GvUj4OisNxsdlwZ5OHZVEfanDQBf0/sendMessage?chat_id=6107719374

Targets

- Target
  
  5ae16d5f8eae9b63068ad5a08a311179.exe
- Size
  
  637KB
- MD5
  
  5ae16d5f8eae9b63068ad5a08a311179
- SHA1
  
  4189bf7a6fe8473395ee5814ca19a5aa70a20158
- SHA256
  
  cc138ced1fbc3fd146c76a8ab520bc6e436b84a4cd26542e8d75ae57c435511d
- SHA512
  
  774ecae4f72e9535c2bea549aa73c3a3872a772aff01924f52d1f7975a5f3039d75506b8c7956599eb028e2e10096e8b0a47c6232d355f3872a5c5215e4ac296
- SSDEEP
  
  12288:opGBO5ZZC/W2n9wl/mbORAuDSRB6okvdT1lPQiowic/7:mGqTC/fW/tRAu+RJk1RlPPse
Score

10^/10

snakekeylogger stormkitty collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerstormkittycollectionkeyloggerstealer

behavioral2

snakekeyloggerstormkittycollectionkeyloggerstealer

© 2018-2025

Terms | Privacy