snakekeylogger | 25b63b3a026c90ec93761d36942c35359bb0be3ba1a8bd3c850719cdeb3a8ac7 | Triage

Submit
Reports

Overview

overview

Static

static

5

25b63b3a02...c7.exe

windows7-x64

25b63b3a02...c7.exe

windows10-2004-x64

Sharing

General

Target

25b63b3a026c90ec93761d36942c35359bb0be3ba1a8bd3c850719cdeb3a8ac7.exe
Size

1.1MB
Sample

240319-clb95afc61
MD5

50dc0b1a9dbe1bb035c7cc37a18bcbdc
SHA1

091b15eebe735fbea53952a4a1b41aa0fd30f3a7
SHA256

25b63b3a026c90ec93761d36942c35359bb0be3ba1a8bd3c850719cdeb3a8ac7
SHA512

42d62c3b85883f5ee5af15a2097738b0332ef2438bf0bf2caca4143c067ccc67f65dcb5a322e09abc8f9d025cd3bc4c5bed0ed60e8ab32945d1b0bb935ec878c
SSDEEP

24576:oRmJkcoQricOIQxiZY1iay8ib9RqK98LqBfDZoM:NJZoQrbTFZY1iay8ibHqK98LofVT

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

25b63b3a026c90ec93761d36942c35359bb0be3ba1a8bd3c850719cdeb3a8ac7.exe

Resource

win7-20240221-en

snakekeylogger collection keylogger stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

25b63b3a026c90ec93761d36942c35359bb0be3ba1a8bd3c850719cdeb3a8ac7.exe

Resource

win10v2004-20240226-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  25b63b3a026c90ec93761d36942c35359bb0be3ba1a8bd3c850719cdeb3a8ac7.exe
- Size
  
  1.1MB
- MD5
  
  50dc0b1a9dbe1bb035c7cc37a18bcbdc
- SHA1
  
  091b15eebe735fbea53952a4a1b41aa0fd30f3a7
- SHA256
  
  25b63b3a026c90ec93761d36942c35359bb0be3ba1a8bd3c850719cdeb3a8ac7
- SHA512
  
  42d62c3b85883f5ee5af15a2097738b0332ef2438bf0bf2caca4143c067ccc67f65dcb5a322e09abc8f9d025cd3bc4c5bed0ed60e8ab32945d1b0bb935ec878c
- SSDEEP
  
  24576:oRmJkcoQricOIQxiZY1iay8ib9RqK98LqBfDZoM:NJZoQrbTFZY1iay8ibHqK98LofVT
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables with potential process hoocking
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy