snakekeylogger | 68f31e476ab5d2024565f79f7576831a94a232e27a20a1fbe9e6ced3d4056263 | Triage

Submit
Reports

Overview

overview

Static

static

7

cbc7aacb22...24.exe

windows7-x64

7

cbc7aacb22...24.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

cbc7aacb22ac144ca5f15c78466dca24
Size

569KB
Sample

240315-szy9taca5t
MD5

cbc7aacb22ac144ca5f15c78466dca24
SHA1

caa3b098f36c5e5821c7411ebd401611e96822cb
SHA256

68f31e476ab5d2024565f79f7576831a94a232e27a20a1fbe9e6ced3d4056263
SHA512

2f858d912efaf7c60bd5d2cec9a59fe68620ac9d62d3b80e828a119efcd4a9cfcf0048a7129a3e101acc03a70297a3f284c53cc37129d8559db9a526623ddaf9
SSDEEP

12288:oXe9PPlowWX0t6mOQwg1Qd15CcYk0We13hjuI+NVsH9h775lmVHLI7nk:lhloDX0XOf4Hm0z7SHcQ

Score

10^/10

snakekeylogger keylogger stealer upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

cbc7aacb22ac144ca5f15c78466dca24.exe

Resource

win7-20240221-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

cbc7aacb22ac144ca5f15c78466dca24.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1816395306:AAE3ZBLYV2L9aT9mL8itL9vr3RP6nOz_B1o/sendMessage?chat_id=1368673464

Targets

- Target
  
  cbc7aacb22ac144ca5f15c78466dca24
- Size
  
  569KB
- MD5
  
  cbc7aacb22ac144ca5f15c78466dca24
- SHA1
  
  caa3b098f36c5e5821c7411ebd401611e96822cb
- SHA256
  
  68f31e476ab5d2024565f79f7576831a94a232e27a20a1fbe9e6ced3d4056263
- SHA512
  
  2f858d912efaf7c60bd5d2cec9a59fe68620ac9d62d3b80e828a119efcd4a9cfcf0048a7129a3e101acc03a70297a3f284c53cc37129d8559db9a526623ddaf9
- SSDEEP
  
  12288:oXe9PPlowWX0t6mOQwg1Qd15CcYk0We13hjuI+NVsH9h775lmVHLI7nk:lhloDX0XOf4Hm0z7SHcQ
Score

10^/10

upx snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggerkeyloggerstealerupx

© 2018-2025

Terms | Privacy