snakekeylogger | ef263c250445fa7bdc89056b3bccad7392d5b51b54bcd605efc949a5bed65a2c | Triage

Submit
Reports

Overview

overview

Static

static

3

proforma_I...76.exe

windows7-x64

proforma_I...76.exe

windows10-2004-x64

Sharing

General

Target

proforma_Invoice_0009300_74885959969_9876.exe
Size

475KB
Sample

240318-qkfg2sac7s
MD5

8edf0c1d21d2c8af7ec391b6d41e7956
SHA1

608f1c3c75a4910b6ce7519f58ab3958349b4fcb
SHA256

ef263c250445fa7bdc89056b3bccad7392d5b51b54bcd605efc949a5bed65a2c
SHA512

607ddaaca6ce64dab274b6ebdf84968c81f0712e9bea10a2733f3f4a27a85c7ce5b001e111ddd615bc1606059e993e7f8a6f77725a511163b026557da6bcc8bb
SSDEEP

12288:lKnXO0XBsehmTPtbvlTuy7EBXWaebaC31Xykn1IXPYnc:uRQp1uiEBXWaebaC31ikn1I/Yc

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

proforma_Invoice_0009300_74885959969_9876.exe

Resource

win7-20240221-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

proforma_Invoice_0009300_74885959969_9876.exe

Resource

win10v2004-20240226-en

snakekeylogger keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  proforma_Invoice_0009300_74885959969_9876.exe
- Size
  
  475KB
- MD5
  
  8edf0c1d21d2c8af7ec391b6d41e7956
- SHA1
  
  608f1c3c75a4910b6ce7519f58ab3958349b4fcb
- SHA256
  
  ef263c250445fa7bdc89056b3bccad7392d5b51b54bcd605efc949a5bed65a2c
- SHA512
  
  607ddaaca6ce64dab274b6ebdf84968c81f0712e9bea10a2733f3f4a27a85c7ce5b001e111ddd615bc1606059e993e7f8a6f77725a511163b026557da6bcc8bb
- SSDEEP
  
  12288:lKnXO0XBsehmTPtbvlTuy7EBXWaebaC31Xykn1IXPYnc:uRQp1uiEBXWaebaC31ikn1I/Yc
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2025

Terms | Privacy