snakekeylogger | 2aa09add727ea0122ffff0f3e5cd8d8be7928cf0b5d2dc6c6160eb739db46ea5 | Triage

Submit
Reports

Overview

overview

Static

static

3

d7a6518fcb...78.exe

windows7-x64

d7a6518fcb...78.exe

windows10-2004-x64

7

gvtrg.exe

windows7-x64

3

gvtrg.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

Target

d7a6518fcbe2f5ff77ffe403bf1291c8bfaaad75d92d15f886ab37a70b9df278.exe
Size

323KB
Sample

240127-gdnqeafhgr
MD5

0ce9779dfc4cb8096d118e48dc390b01
SHA1

84a3b8246ac70e69a97c79228e78c4a268309b2a
SHA256

2aa09add727ea0122ffff0f3e5cd8d8be7928cf0b5d2dc6c6160eb739db46ea5
SHA512

9152e4c72a8df9e30e7867c47c3887f68cce8ed986305677e3efb5971fef0a7beb5cfc07885b2dfa1b176c5bcf0c8b201645acdda3f9295c68a88dbdfc696864
SSDEEP

6144:CB0aC4NEPZbw1ixFHNt5ArWaAKSGLNTT4Qu+e3CDol2h2:iCgEeUxFHsTAKSGlTaVCcZ

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d7a6518fcbe2f5ff77ffe403bf1291c8bfaaad75d92d15f886ab37a70b9df278.exe

Resource

win7-20231215-en

snakekeylogger collection keylogger spyware stealer

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

d7a6518fcbe2f5ff77ffe403bf1291c8bfaaad75d92d15f886ab37a70b9df278.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

gvtrg.exe

Resource

win7-20231215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

gvtrg.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  d7a6518fcbe2f5ff77ffe403bf1291c8bfaaad75d92d15f886ab37a70b9df278.exe
- Size
  
  323KB
- MD5
  
  0ce9779dfc4cb8096d118e48dc390b01
- SHA1
  
  84a3b8246ac70e69a97c79228e78c4a268309b2a
- SHA256
  
  2aa09add727ea0122ffff0f3e5cd8d8be7928cf0b5d2dc6c6160eb739db46ea5
- SHA512
  
  9152e4c72a8df9e30e7867c47c3887f68cce8ed986305677e3efb5971fef0a7beb5cfc07885b2dfa1b176c5bcf0c8b201645acdda3f9295c68a88dbdfc696864
- SSDEEP
  
  6144:CB0aC4NEPZbw1ixFHNt5ArWaAKSGLNTT4Qu+e3CDol2h2:iCgEeUxFHsTAKSGlTaVCcZ
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables using Telegram Chat Bot
- Detects executables with potential process hoocking
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  gvtrg.exe
- Size
  
  333KB
- MD5
  
  a42ac3476a247ae59fbf0ad81b2474ec
- SHA1
  
  a59eaa90255011fec45719011c839e104c2d189c
- SHA256
  
  741e4903ef5370f53839c4ad1ec5fe42731ab149d250557d5a0cfba38743e9f1
- SHA512
  
  aeb32d6813bb09ebc5cf35d6c3e5cc51af3c1387e4706fb882291669b17c4b5775d4c68a10d2dc156cfc2d26bd1a3c73012aadff013f5e59f1b797cb8a5131d4
- SSDEEP
  
  6144:F4f/BOG5NwJ6M4XCARlXFTWc//SqMb1iRWuuu49oOVdmqQB16EMRvM/QqUuJ5d5:F4f/BOKNnM4XCARlXFTWc//SVb1xuuun
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerspywarestealer

behavioral2

behavioral3

behavioral4

© 2018-2025

Terms | Privacy