snakekeylogger | de14f0684525fb1e88fd930b745955d6e7d007b664c9643fd6ef03568e234a4e

Analysis

max time kernel
116s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2023 03:44

Target

SnakeKeylogger-main/bin/Debug/Snake Keylogger.exe
Size

6.0MB
MD5

f9960f5488085181b45238a827f471de
SHA1

0aeafc8d62db430da2d1899cb0b0bbc215762215
SHA256

3b6b10baa64d343487c73a1a8eed90216f0a4f8f7ed5712a6ed8bb9353a69dec
SHA512

e1819aac0da75331433c9ba3721706c0d3f16df4c6ceaa4d0a9a4e84ce1f9b0cb693ee3641d8ac5b723af8e055a9459c6b590032dbde2da646d8057c2b604188
SSDEEP

49152:RgkLFVus/0tGxAPbN34EG1nFCiQ9bozruSX0RIglO1CuL9VNcaCdGczKITh1fkx:Rjes0tGx7K6rt6MpChJ

Score

10^/10

Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
stealer keylogger snakekeylogger

Snake Keylogger payload 1 IoCs

resource	yara_rule
behavioral10/memory/4372-133-0x00000000003E0000-0x00000000009E4000-memory.dmp	family_snakekeylogger

Beds Protector Packer 1 IoCs

Detects Beds Protector packer used to load .NET malware.

resource	yara_rule
behavioral10/memory/4372-133-0x00000000003E0000-0x00000000009E4000-memory.dmp	beds_protector

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3796	4372	WerFault.exe	82

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4372	Snake Keylogger.exe

C:\Users\Admin\AppData\Local\Temp\SnakeKeylogger-main\bin\Debug\Snake Keylogger.exe
"C:\Users\Admin\AppData\Local\Temp\SnakeKeylogger-main\bin\Debug\Snake Keylogger.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4372
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4372 -s 2816
  2⤵
  - Program crash
  PID:3796

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 412 -p 4372 -ip 4372
1⤵
PID:2112

memory/4372-133-0x00000000003E0000-0x00000000009E4000-memory.dmp

Filesize
6.0MB

Download
memory/4372-134-0x000000001C760000-0x000000001C7B4000-memory.dmp

Filesize
336KB

Download
memory/4372-135-0x000000001D6E0000-0x000000001D6F0000-memory.dmp

Filesize
64KB

Download
memory/4372-136-0x000000001D6E0000-0x000000001D6F0000-memory.dmp

Filesize
64KB

Download
memory/4372-137-0x000000001D6E0000-0x000000001D6F0000-memory.dmp

Filesize
64KB

Download
memory/4372-138-0x000000001D6E0000-0x000000001D6F0000-memory.dmp

Filesize
64KB

Download
memory/4372-139-0x000000001D6E0000-0x000000001D6F0000-memory.dmp

Filesize
64KB

Download
memory/4372-140-0x000000001D6E0000-0x000000001D6F0000-memory.dmp

Filesize
64KB

Download