snakekeylogger | d46e23608d5cc726361fe3a72531a4e5f5f8e71157af93554e7b16162c9ffc68 | Triage

Submit
Reports

Overview

overview

Static

static

3

Kurumlu pr...17.exe

windows7-x64

Kurumlu pr...17.exe

windows10-2004-x64

Sharing

General

Target

Kurumlu_projesi_SLG620-50mm_0190__fiyat_teklif_-_LBAGUK2_-_PO240017_docs.z
Size

573KB
Sample

240906-q7m6eazcll
MD5

b5c02d264c0d581492454fb72716307a
SHA1

108fbebeeeb7775d40f9e36ab002ece0a7eaa301
SHA256

d46e23608d5cc726361fe3a72531a4e5f5f8e71157af93554e7b16162c9ffc68
SHA512

a7d181d5d6076f87413bc4d6f51cd270887948e133bbf0feec3f59604c9d5a851274474914022e6766ac5fa8c35aa23fd214c826e7545662798943eb7eef8d1c
SSDEEP

12288:hquN+Q9lPOlR5fnXFtOrY7E9ooMtsHo+r8tAvCYjp5Cm+:hfgQT2lR5fP9KLMWpr575Cf

Score

10^/10

snakekeylogger discovery execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Kurumlu projesi_SLG620-50mm%0190%_fiyat teklif - LBAGUK2 - PO240017.exe

Resource

win7-20240708-en

snakekeylogger discovery execution keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Kurumlu projesi_SLG620-50mm%0190%_fiyat teklif - LBAGUK2 - PO240017.exe

Resource

win10v2004-20240802-en

snakekeylogger discovery execution keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Kurumlu projesi_SLG620-50mm%0190%_fiyat teklif - LBAGUK2 - PO240017.exe
- Size
  
  658KB
- MD5
  
  1ee3c91efd3a13e0d2f71f265b718768
- SHA1
  
  b71ba5d2a98250a766b8c41db6b1ae23d7390b30
- SHA256
  
  0f1c89fa424bfd1165b5fa3c2d73605b477ac9649731e3560e46875308f1a3a1
- SHA512
  
  64a67d96c65191b99df58627ed89bb9b2c671719f3e5b7b8b1b89c3a170fc4e7df9afc24201e306f8c562c833b9d2211b79b09d30a5319565fce8f4fc7eb4e73
- SSDEEP
  
  12288:oZLeIqXItQCFUlSQTBx1z4yWgvJ7WrQlUJIzY8V1P4TmyDPSTOqn+efW0LAP2Zob:EL78MJkKJKY8V1PoBuTHfWwg2Zot
Score

10^/10

snakekeylogger discovery execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoveryexecutionkeyloggerstealer

behavioral2

snakekeyloggerdiscoveryexecutionkeyloggerstealer

© 2018-2025

Terms | Privacy