snakekeylogger | 15d4d43a625f4ac0d1e6ac4a60a1e43285e249b5c2dfb7c652fff6f491af1364 | Triage

Submit
Reports

Overview

overview

Static

static

5

PAYMENT CO...ON.exe

windows10-1703-x64

PAYMENT CO...ON.exe

windows7-x64

PAYMENT CO...ON.exe

windows10-2004-x64

Sharing

General

Target

PAYMENT CONFIRMATION.exe
Size

1.0MB
Sample

240725-x335dszaqn
MD5

675d183e4463f14c2bd8ec4b269ae2fb
SHA1

0a192d6a24bbd47e9fc69bd8c5e7679404faf2d4
SHA256

15d4d43a625f4ac0d1e6ac4a60a1e43285e249b5c2dfb7c652fff6f491af1364
SHA512

06c0fecd55f35a49cec6bbf4dc5b5559db6c02c594676e79c84a78b793ee49b814ceb9cfe5a9de0dddc8b8318d924ad2c137086f6de42b12c8012af341154c89
SSDEEP

24576:RqDEvCTbMWu7rQYlBQcBiT6rprG8a56Rkp0pe:RTvC/MTQYxsWR7a5Ckp0p

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PAYMENT CONFIRMATION.exe

Resource

win10-20240404-en

snakekeylogger collection credential_access discovery keylogger stealer

windows10-1703-x64

13 signatures

600 seconds

Behavioral task

behavioral2

Sample

PAYMENT CONFIRMATION.exe

Resource

win7-20240705-en

snakekeylogger collection credential_access discovery keylogger stealer

windows7-x64

13 signatures

600 seconds

Behavioral task

behavioral3

Sample

PAYMENT CONFIRMATION.exe

Resource

win10v2004-20240709-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

600 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
t%qsN(y5t%qsN(y5

Targets

- Target
  
  PAYMENT CONFIRMATION.exe
- Size
  
  1.0MB
- MD5
  
  675d183e4463f14c2bd8ec4b269ae2fb
- SHA1
  
  0a192d6a24bbd47e9fc69bd8c5e7679404faf2d4
- SHA256
  
  15d4d43a625f4ac0d1e6ac4a60a1e43285e249b5c2dfb7c652fff6f491af1364
- SHA512
  
  06c0fecd55f35a49cec6bbf4dc5b5559db6c02c594676e79c84a78b793ee49b814ceb9cfe5a9de0dddc8b8318d924ad2c137086f6de42b12c8012af341154c89
- SSDEEP
  
  24576:RqDEvCTbMWu7rQYlBQcBiT6rprG8a56Rkp0pe:RTvC/MTQYxsWR7a5Ckp0p
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral3

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy