snakekeylogger | de14f0684525fb1e88fd930b745955d6e7d007b664c9643fd6ef03568e234a4e

Analysis

max time kernel
65s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03/05/2023, 03:44

Target

SnakeKeylogger-main/bin/Release/Snake Keylogger.exe
Size

6.0MB
MD5

7d9c8e2d6d6bf957a1ebda127c084652
SHA1

2ff3951d6b5113902fde10f484d31b8d35912baf
SHA256

fd6e3c0c6a443a9872a082f02955ca8cf7bc7f42752fdc0fe01622a5d35d07bf
SHA512

cda06d41880d1b23f086bfbec0fe19f3cd787b1fdd0e2d4a8f80747fb42b088ed7cbc456f8862b979b7c94b5f0ba313749797f998867fccf17482d947860c933
SSDEEP

49152:Hus/0tGxAPbN34EG1nFCiQ9bozruSX0RIglO1CuL9VNcaCdGczKITh1fk1gkLF:Os0tGx7K6rt6MpChJCj

Score

10^/10

Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
stealer keylogger snakekeylogger

Snake Keylogger payload 1 IoCs

resource	yara_rule
behavioral13/memory/1100-54-0x0000000000990000-0x0000000000F94000-memory.dmp	family_snakekeylogger

Beds Protector Packer 1 IoCs

Detects Beds Protector packer used to load .NET malware.

resource	yara_rule
behavioral13/memory/1100-54-0x0000000000990000-0x0000000000F94000-memory.dmp	beds_protector

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1824	1100	WerFault.exe	25

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 1824	1100	Snake Keylogger.exe	27
PID 1100 wrote to memory of 1824	1100	Snake Keylogger.exe	27
PID 1100 wrote to memory of 1824	1100	Snake Keylogger.exe	27

C:\Users\Admin\AppData\Local\Temp\SnakeKeylogger-main\bin\Release\Snake Keylogger.exe
"C:\Users\Admin\AppData\Local\Temp\SnakeKeylogger-main\bin\Release\Snake Keylogger.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1100 -s 1524
  2⤵
  - Program crash
  PID:1824

memory/1100-54-0x0000000000990000-0x0000000000F94000-memory.dmp

Filesize
6.0MB

Download
memory/1100-55-0x0000000000660000-0x00000000006B4000-memory.dmp

Filesize
336KB

Download
memory/1100-56-0x00000000028B0000-0x0000000002930000-memory.dmp

Filesize
512KB

Download
memory/1100-57-0x00000000028B0000-0x0000000002930000-memory.dmp

Filesize
512KB

Download
memory/1100-58-0x00000000028B0000-0x0000000002930000-memory.dmp

Filesize
512KB

Download
memory/1100-59-0x00000000028B0000-0x0000000002930000-memory.dmp

Filesize
512KB

Download
memory/1100-60-0x00000000028B0000-0x0000000002930000-memory.dmp

Filesize
512KB

Download
memory/1100-61-0x00000000028B0000-0x0000000002930000-memory.dmp

Filesize
512KB

Download