snakekeylogger | 78c0352da41b3c206b12ea2d8d3f96c33c361e2211437c9746629023b1f0c094 | Triage

Submit
Reports

Overview

overview

Static

static

3

3988c73d0f...13.exe

windows7-x64

3988c73d0f...13.exe

windows10-2004-x64

Sharing

General

Target

3988c73d0fe8cc854333752bc9c16413
Size

547KB
Sample

231231-rl7tcscfgr
MD5

3988c73d0fe8cc854333752bc9c16413
SHA1

607cf59d672fc032bcd63caa0e77b0c3a62121b9
SHA256

78c0352da41b3c206b12ea2d8d3f96c33c361e2211437c9746629023b1f0c094
SHA512

1ac7d447c0ce756af2bfc381dc1c8d939e0e649d76ead8da7d9abd24dee3758192a6bd0cd9bcef5e72f2df507a18a8f1bde3b89867eb17895fb0f18b0faf0744
SSDEEP

12288:iDjhrIh5IkB3OH3tguqnqd6KcuM4ry5ehNhjKUSotTkFW/Y74U:iDjhr0IJ9gydpcB4Q

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3988c73d0fe8cc854333752bc9c16413.exe

Resource

win7-20231215-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

3988c73d0fe8cc854333752bc9c16413.exe

Resource

win10v2004-20231222-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
webmail.aquariushotelboutique.com
Port:
25
Username:
[email protected]
Password:
6)fvPIxcEVwT
Email To:
[email protected]

Targets

- Target
  
  3988c73d0fe8cc854333752bc9c16413
- Size
  
  547KB
- MD5
  
  3988c73d0fe8cc854333752bc9c16413
- SHA1
  
  607cf59d672fc032bcd63caa0e77b0c3a62121b9
- SHA256
  
  78c0352da41b3c206b12ea2d8d3f96c33c361e2211437c9746629023b1f0c094
- SHA512
  
  1ac7d447c0ce756af2bfc381dc1c8d939e0e649d76ead8da7d9abd24dee3758192a6bd0cd9bcef5e72f2df507a18a8f1bde3b89867eb17895fb0f18b0faf0744
- SSDEEP
  
  12288:iDjhrIh5IkB3OH3tguqnqd6KcuM4ry5ehNhjKUSotTkFW/Y74U:iDjhr0IJ9gydpcB4Q
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2025

Terms | Privacy