snakekeylogger | bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

bb64f5d78d...aN.exe

windows7-x64

bb64f5d78d...aN.exe

windows10-2004-x64

Sharing

General

Target

bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994aN
Size

1.1MB
Sample

240916-z22ahszeqe
MD5

d19e57cc9fadabb7d0b4d5f29afaab80
SHA1

f0678c2796dbf40a30fcc4e9d2455641bd83866d
SHA256

bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994a
SHA512

3f91e041a19d0316296244e58f04108cca4357e3b28785425fa24b3b9d5ce3b2ab26c2445c20b9719d9acd7920481c2a19597897fd6a69894f5cac58526b8c7a
SSDEEP

24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8a+gLAAB8CeF:sTvC/MTQYxsWR7a+gLAAte

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994aN.exe

Resource

win7-20240903-en

snakekeylogger collection credential_access discovery keylogger stealer

windows7-x64

19 signatures

120 seconds

Behavioral task

behavioral2

Sample

bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994aN.exe

Resource

win10v2004-20240802-en

snakekeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

18 signatures

120 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7505197168:AAH44rUOfgM2A0VfpI637HSQjCH00DQZX48/sendMessage?chat_id=875935923

Targets

- Target
  
  bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994aN
- Size
  
  1.1MB
- MD5
  
  d19e57cc9fadabb7d0b4d5f29afaab80
- SHA1
  
  f0678c2796dbf40a30fcc4e9d2455641bd83866d
- SHA256
  
  bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994a
- SHA512
  
  3f91e041a19d0316296244e58f04108cca4357e3b28785425fa24b3b9d5ce3b2ab26c2445c20b9719d9acd7920481c2a19597897fd6a69894f5cac58526b8c7a
- SSDEEP
  
  24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8a+gLAAB8CeF:sTvC/MTQYxsWR7a+gLAAte
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy