snakekeylogger | 3071ac42b0c7407d7982843858e9df6a697f4b83dd4281394fef5e79bfea2bb5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

3071ac42b0...bb5.js

windows7-x64

8

3071ac42b0...bb5.js

windows10-2004-x64

Sharing

General

Target

3071ac42b0c7407d7982843858e9df6a697f4b83dd4281394fef5e79bfea2bb5
Size

271KB
Sample

240725-lv7bas1hqp
MD5

06423b5a0a4d4f444ea943e2bdaa5461
SHA1

3f839dd6da834bc4df8faf8bac49dd7f34b5cd50
SHA256

3071ac42b0c7407d7982843858e9df6a697f4b83dd4281394fef5e79bfea2bb5
SHA512

ce60a82182ab2cc122b50a34131d0c376ebf1c14286658603199a4eefb6153bae18201400a5b29c4dbead906be9aeb028155a1d1af531c1fb81cf79e00f5d759
SSDEEP

1536:PfINtK3IadjNM9h/IaOlaStsiuvErox1Rti/KCEBFjgnC2EoKyr/sK4tF6ROX1Lu:PIyuvuM2EM0l3hWAzmp4h2GWjyHW

Score

10^/10

snakekeylogger collection credential_access discovery execution keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

3071ac42b0c7407d7982843858e9df6a697f4b83dd4281394fef5e79bfea2bb5.js

Resource

win7-20240704-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

3071ac42b0c7407d7982843858e9df6a697f4b83dd4281394fef5e79bfea2bb5.js

Resource

win10v2004-20240709-en

snakekeylogger collection credential_access discovery execution keylogger stealer

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
zulpine.shop
Port:
587
Username:
[email protected]
Password:
LES5hyhe2NTe
Email To:
[email protected]

Targets

- Target
  
  3071ac42b0c7407d7982843858e9df6a697f4b83dd4281394fef5e79bfea2bb5
- Size
  
  271KB
- MD5
  
  06423b5a0a4d4f444ea943e2bdaa5461
- SHA1
  
  3f839dd6da834bc4df8faf8bac49dd7f34b5cd50
- SHA256
  
  3071ac42b0c7407d7982843858e9df6a697f4b83dd4281394fef5e79bfea2bb5
- SHA512
  
  ce60a82182ab2cc122b50a34131d0c376ebf1c14286658603199a4eefb6153bae18201400a5b29c4dbead906be9aeb028155a1d1af531c1fb81cf79e00f5d759
- SSDEEP
  
  1536:PfINtK3IadjNM9h/IaOlaStsiuvErox1Rti/KCEBFjgnC2EoKyr/sK4tF6ROX1Lu:PIyuvuM2EM0l3hWAzmp4h2GWjyHW
Score

10^/10

execution snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectioncredential_accessdiscoveryexecutionkeyloggerstealer

© 2018-2025

Terms | Privacy