snakekeylogger | 29147631e89dcb9d3dfe17a9d893f40036197f56d0d89409c8bc0255f3124a10 | Triage

Submit
Reports

Overview

overview

Static

static

3

Office Sup...er.exe

windows7-x64

Office Sup...er.exe

windows10-2004-x64

Sharing

General

Target

29147631e89dcb9d3dfe17a9d893f40036197f56d0d89409c8bc0255f3124a10.zip
Size

297KB
Sample

240611-bgjmzaxhkd
MD5

3e9cd04edca71a1f1c52611d119383ef
SHA1

8a50a8f67d014a8f55de10dc72367d6602613bb1
SHA256

29147631e89dcb9d3dfe17a9d893f40036197f56d0d89409c8bc0255f3124a10
SHA512

1143837b38e205964b7e16939cb61d40f52541c10fcd149c2e15db882634e38e889f65d152529bef01d411dedb05788fc88420220d6ec60cbb25d06c9e426e91
SSDEEP

6144:s64jxHEEQj4HyZpkG3ib8VNAQEDSkZMTA6A3pDrQIK:idkERHtG3++SQRkZcA53py

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Office Suppliers Order.exe

Resource

win7-20240508-en

snakekeylogger keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Office Suppliers Order.exe

Resource

win10v2004-20240508-en

snakekeylogger keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
valleycountysar.org
Port:
26
Username:
[email protected]
Password:
fY,FLoadtsiF

C2

http://103.130.147.85

Targets

- Target
  
  Office Suppliers Order.exe
- Size
  
  491KB
- MD5
  
  a7792cb3a690bac7f8ee651507b3d144
- SHA1
  
  045251215b95d3e8005d015e5372715ff5bf7acc
- SHA256
  
  c00363603655a42e3a2358992af739153ca55c0dc3df2868f25390d5ecdbf734
- SHA512
  
  f242f3426d84bd1e187c2ca21d501456ed0a46df690c712c937d99326b0d8f4ddc4be61e7ff7745b72a42f83ecc901d9e46de9eebecbb0dd2a96688a9f475983
- SSDEEP
  
  12288:ttMyF3ltmawOVahfG3+CSQ9vkk93YmCWWsGf:XM6ltmJa+CSQCk93XWsq
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- Detects executables with potential process hoocking
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2025

Terms | Privacy