snakekeylogger | 5704a693482f6acdedd64c7f3b51f4bb1b84d79b29e38c55724d59a866401e12 | Triage

Submit
Reports

Overview

overview

Static

static

7

47928899_9...99.exe

windows7-x64

7

47928899_9...99.exe

windows10-2004-x64

Sharing

General

Target

47928899_9692545608_20230828_11218099.7z
Size

1.5MB
Sample

230828-sf3swsbh77
MD5

cb570da5668ac14bdfd2c10cc7de6ad4
SHA1

b00deef1fa8e6289515795969ecef5420fc69cb7
SHA256

5704a693482f6acdedd64c7f3b51f4bb1b84d79b29e38c55724d59a866401e12
SHA512

b316be4f8dcd9f9529d15eaf6701d7d950ba479240514a5c34013d90fba900d7932353ad60567d3199a4eb4ea27381cefc330737756b7ed24113fab19fe50dfd
SSDEEP

49152:AhAM5aCpzDiqiTjU0ypfmmuLmTAaMNRz5sq5dFW3FEOlu:AhAMYCpzDcjL03ZxMvNi9lu

Score

10^/10

snakekeylogger keylogger stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

47928899_9692545608_20230828_11218099.exe

Resource

win7-20230712-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

47928899_9692545608_20230828_11218099.exe

Resource

win10v2004-20230703-en

snakekeylogger keylogger stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.gkas.com.tr
Port:
587
Username:
[email protected]
Password:
Gkasteknik@2022

Targets

- Target
  
  47928899_9692545608_20230828_11218099.exe
- Size
  
  1.5MB
- MD5
  
  92efa77973c64d34e4e9ece2a72ce7ee
- SHA1
  
  dafa81235386e6a10f387ba4b61665119ad1235c
- SHA256
  
  00dd392927d9d236b9dc98f1fe174606ee9f51942a9ecd00b298331e2f5008ac
- SHA512
  
  9a6de5ee56d933b9ca9bb796800208135633cbc6ce7a131fa46d4a116764a35695136982ec6d5619245b22993bd22b3565a58d816522c4aaa01c4c0328d5384a
- SSDEEP
  
  49152:2FNO2aCN40TGhTyNaSp9rmapmTAadmRHhxQxdn8FgLOH:2FNOfCN40uyc4CLxdMBnFH
Score

10^/10

upx snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

snakekeyloggerkeyloggerstealerupx

© 2018-2025

Terms | Privacy