snakekeylogger | c4cd9b5ae0fb9e561cc3aa7d76751091771fcd4fb868425a3dd425b940dce753 | Triage

Submit
Reports

Overview

overview

Static

static

5

PO_ESTM36_...MT.exe

windows7-x64

PO_ESTM36_...MT.exe

windows10-2004-x64

Sharing

General

Target

PO_ESTM36_QTY_105MT.exe
Size

1.2MB
Sample

240917-j8tw1stald
MD5

b797163d4e0060cd23e1f35e45576e4b
SHA1

872a7c0df1e1aa6fe1def0816f373a072fa87b55
SHA256

c4cd9b5ae0fb9e561cc3aa7d76751091771fcd4fb868425a3dd425b940dce753
SHA512

4f11b6b3cdd42cac0c9bd5dd6647e33d6c3ce0f2407f8b19aa02c058b2532a329b09fcb561ba437df94e45feb3f84b1b86c4a3e26f1d2354bf5d663f757a656a
SSDEEP

24576:uRmJkcoQricOIQxiZY1iaCJFauIHvTpzBOykZOBZ:7JZoQrbTFZY1iaC7auIHv1tOZI

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PO_ESTM36_QTY_105MT.exe

Resource

win7-20240903-en

snakekeylogger collection credential_access discovery keylogger stealer

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO_ESTM36_QTY_105MT.exe

Resource

win10v2004-20240802-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7418862784:AAE9O3fZ33t7jMwhLBXYH65xk368DTTUtx0/sendMessage?chat_id=1224745150

Targets

- Target
  
  PO_ESTM36_QTY_105MT.exe
- Size
  
  1.2MB
- MD5
  
  b797163d4e0060cd23e1f35e45576e4b
- SHA1
  
  872a7c0df1e1aa6fe1def0816f373a072fa87b55
- SHA256
  
  c4cd9b5ae0fb9e561cc3aa7d76751091771fcd4fb868425a3dd425b940dce753
- SHA512
  
  4f11b6b3cdd42cac0c9bd5dd6647e33d6c3ce0f2407f8b19aa02c058b2532a329b09fcb561ba437df94e45feb3f84b1b86c4a3e26f1d2354bf5d663f757a656a
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCJFauIHvTpzBOykZOBZ:7JZoQrbTFZY1iaC7auIHv1tOZI
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy