snakekeylogger | 6f3a73b2d5dcc2811da8665e9c8487db7575df80117589b3287d1fb9ae60b366 | Triage

Submit
Reports

Overview

overview

Static

static

5

Documentos...o..exe

windows7-x64

Documentos...o..exe

windows10-2004-x64

Sharing

General

Target

14092024_0144_13092024_Documentos de envío..zip
Size

620KB
Sample

240914-b5vp5s1ekd
MD5

8ea12ae20afd9f0b2674ab89864421d9
SHA1

2aca36b9048e494d02d1773f98f2ccefd98592fd
SHA256

6f3a73b2d5dcc2811da8665e9c8487db7575df80117589b3287d1fb9ae60b366
SHA512

c5fb251c04f015837b0c89bef21d2843a92a1f29d5bff29208e818d307041e4fdb0bf90c856bbdecf6d2a99dfd51a1360de3cbc0db3907922122b417d131f161
SSDEEP

12288:drnZvesjl15fj9Kt5w1ll89UlhfbnBXBd834dLzOWT5AuUou/ovWD2:9NestI7Az8+DnBXTPZT5Hxu/oi2

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Documentos de envo..exe

Resource

win7-20240903-en

snakekeylogger collection credential_access discovery keylogger stealer

windows7-x64

15 signatures

300 seconds

Behavioral task

behavioral2

Sample

Documentos de envo..exe

Resource

win10v2004-20240802-en

snakekeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

15 signatures

300 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.skagenships.com
Port:
587
Username:
[email protected]
Password:
XAqEAz@4

Targets

- Target
  
  Documentos de envo..exe
- Size
  
  1.0MB
- MD5
  
  64250fbc0c8194727c46f0a4ab569139
- SHA1
  
  9f08f52161a6870763b7beae581524f41e4260cb
- SHA256
  
  c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3
- SHA512
  
  55f534333a39b36b5e99f551c286282bba7ce346c91014cd42b520471f86dcc5cb4c2681ce6a0e02224f2ae6970fa5d32294ee63839b4a6521914ced8dba0ee4
- SSDEEP
  
  24576:o5EmXFtKaL4/oFe5T9yyXYfP1ijXdamU3JupouR+:oPVt/LZeJbInQRam9
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy