snakekeylogger | 0374f4818c6b9ea88e9a8e8ae7f36ff7a7c66704fe110e3005b5ba6704d4edc4 | Triage

Submit
Reports

Overview

overview

Static

static

3

Payment_Re...�..exe

windows7-x64

Payment_Re...�..exe

windows10-2004-x64

Sharing

General

Target

Payment_Receipt_Copy.xlxss͏x͏l͏x͏..exe
Size

2.2MB
Sample

240809-h94xyaxgmn
MD5

3cf077ee2e506e16cc65d9d93d2d094e
SHA1

5e7b08bded387f0df8f01e9c15a4b10dd93fc33c
SHA256

0374f4818c6b9ea88e9a8e8ae7f36ff7a7c66704fe110e3005b5ba6704d4edc4
SHA512

cab26c72ff371a02e5e5576d6bcb0de06feb7b0b3d87671379107ba83ed3f38004f0de1f02f52fe5680d0f5c4d1529753491b9325de79756962eabc2113252ef
SSDEEP

49152:5WiP0wV0hJ5VGx6ODJ1+nEtWX33oG1SdvoGSbVUWE:dVUcUabFVeOWE

Score

10^/10

snakekeylogger discovery evasion execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Payment_Receipt_Copy.xlxss͏x͏l͏x͏..exe

Resource

win7-20240705-en

snakekeylogger discovery evasion execution keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment_Receipt_Copy.xlxss͏x͏l͏x͏..exe

Resource

win10v2004-20240802-en

snakekeylogger discovery evasion execution keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7326718143:AAHCoPbdl01YWgtL8Z76U43CTNQwWuaC5Lk/sendMessage?chat_id=7121607304

Targets

- Target
  
  Payment_Receipt_Copy.xlxss͏x͏l͏x͏..exe
- Size
  
  2.2MB
- MD5
  
  3cf077ee2e506e16cc65d9d93d2d094e
- SHA1
  
  5e7b08bded387f0df8f01e9c15a4b10dd93fc33c
- SHA256
  
  0374f4818c6b9ea88e9a8e8ae7f36ff7a7c66704fe110e3005b5ba6704d4edc4
- SHA512
  
  cab26c72ff371a02e5e5576d6bcb0de06feb7b0b3d87671379107ba83ed3f38004f0de1f02f52fe5680d0f5c4d1529753491b9325de79756962eabc2113252ef
- SSDEEP
  
  49152:5WiP0wV0hJ5VGx6ODJ1+nEtWX33oG1SdvoGSbVUWE:dVUcUabFVeOWE
Score

10^/10

snakekeylogger discovery evasion execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Disables RegEdit via registry modification
  evasion
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoveryevasionexecutionkeyloggerstealer

behavioral2

snakekeyloggerdiscoveryevasionexecutionkeyloggerstealer

© 2018-2025

Terms | Privacy