snakekeylogger | 9489bbf4b51b344c381683f04c60d7f6d73580af9b9e9b2b6dc395a0138f89f9 | Triage

Submit
Reports

Overview

overview

Static

static

3

97653456890SK.exe

windows7-x64

97653456890SK.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

97653456890SK.exe
Size

2.8MB
Sample

230505-nhqh5ahg59
MD5

da29b25f1adc381d121c8ba9491ab8c7
SHA1

b53e7a602e92b695677ab8b6e4b1f41f3ebf521e
SHA256

9489bbf4b51b344c381683f04c60d7f6d73580af9b9e9b2b6dc395a0138f89f9
SHA512

ae398984afb4755136b7ca960d85c3b52ee81885646547387b64e7aaf978339afe0e7002fef5db3a74f10d711529ca4482ad45864c294de7a413e6a1377b6107
SSDEEP

49152:sH8IHOSXcA44fAYz1sahArGSnovaPMNagNeI:sH1/SzFMNN

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

97653456890SK.exe

Resource

win7-20230220-en

snakekeylogger keylogger stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

97653456890SK.exe

Resource

win10v2004-20230220-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5801425382:AAG5b4PUEaqNDv5uP9ejZGeIHeuzzOD4IHY/sendMessage?chat_id=5812329204

Targets

- Target
  
  97653456890SK.exe
- Size
  
  2.8MB
- MD5
  
  da29b25f1adc381d121c8ba9491ab8c7
- SHA1
  
  b53e7a602e92b695677ab8b6e4b1f41f3ebf521e
- SHA256
  
  9489bbf4b51b344c381683f04c60d7f6d73580af9b9e9b2b6dc395a0138f89f9
- SHA512
  
  ae398984afb4755136b7ca960d85c3b52ee81885646547387b64e7aaf978339afe0e7002fef5db3a74f10d711529ca4482ad45864c294de7a413e6a1377b6107
- SSDEEP
  
  49152:sH8IHOSXcA44fAYz1sahArGSnovaPMNagNeI:sH1/SzFMNN
Score

10^/10

snakekeylogger keylogger stealer collection
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy