snakekeylogger | 5d04e3c385baf9cf26f9805fd3739151de1549704f6701132e20787e2c195fa2 | Triage

Submit
Reports

Overview

overview

Static

static

3

c6157a2d89...b6.exe

windows7-x64

c6157a2d89...b6.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

c6157a2d8929ee7b7305c506b90232b6
Size

797KB
Sample

240313-rjjzhsge82
MD5

c6157a2d8929ee7b7305c506b90232b6
SHA1

4f7006625274cfdb3523dd186235f48bd3861406
SHA256

5d04e3c385baf9cf26f9805fd3739151de1549704f6701132e20787e2c195fa2
SHA512

ca6306fcfb703dc4a7a0b36062ec2a52121516bcc32590de2dba24b60597e027a56d0fc927bee5be7dfb611eac2ef4d0fdd7c9be1171b55f636980ea19ee74c1
SSDEEP

12288:QWDc9F3nC0Py3gAhMIYO2nyCRd2ROKRi82zR3VgZP7ZZhLCDdX8IyPumD:QzVOmyUlR82zRFePxsx0

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c6157a2d8929ee7b7305c506b90232b6.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c6157a2d8929ee7b7305c506b90232b6.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
Blessings16
Email To:
[email protected]

Targets

- Target
  
  c6157a2d8929ee7b7305c506b90232b6
- Size
  
  797KB
- MD5
  
  c6157a2d8929ee7b7305c506b90232b6
- SHA1
  
  4f7006625274cfdb3523dd186235f48bd3861406
- SHA256
  
  5d04e3c385baf9cf26f9805fd3739151de1549704f6701132e20787e2c195fa2
- SHA512
  
  ca6306fcfb703dc4a7a0b36062ec2a52121516bcc32590de2dba24b60597e027a56d0fc927bee5be7dfb611eac2ef4d0fdd7c9be1171b55f636980ea19ee74c1
- SSDEEP
  
  12288:QWDc9F3nC0Py3gAhMIYO2nyCRd2ROKRi82zR3VgZP7ZZhLCDdX8IyPumD:QzVOmyUlR82zRFePxsx0
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2025

Terms | Privacy