snakekeylogger | b561c830e29a62d9938dd414e80646592df5becfb7249770d18fdba021a79c5a | Triage

Submit
Reports

Overview

overview

Static

static

3

85f7f26cd9...13.exe

windows10-2004-x64

Sharing

General

Target

payment advice.exe.zip
Size

512KB
Sample

240917-ygk75a1fjb
MD5

ceedf123405ab11c3652e71233edc8d4
SHA1

efe21b819478d312c30b3b8d8fbb7cbdbd9e2994
SHA256

b561c830e29a62d9938dd414e80646592df5becfb7249770d18fdba021a79c5a
SHA512

7765b61a709e7669412cc2191c5e702284bb71cfcf0a0815bdabe21c24c5dfd98cb544890bc4548421861de9a4b49cee38659c5ec7ca5eee0b09a3f0cbc1f667
SSDEEP

12288:6vA4vGekf1uvTB0kRPyG4Fmnam4NBRLDhuMt6hmMm:z3fWnRxdaDBhVEm

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

85f7f26cd9cfb9ab367d083f60b48e1594b1eadf8dd1a792c347273684855013.exe

Resource

win10v2004-20240802-en

snakekeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.stilltech.ro
Port:
587
Username:
[email protected]
Password:
eurobit555ro
Email To:
[email protected]

Targets

- Target
  
  85f7f26cd9cfb9ab367d083f60b48e1594b1eadf8dd1a792c347273684855013.exe
- Size
  
  830KB
- MD5
  
  2c4ce1a8eaabb150842428fad62d3aa5
- SHA1
  
  3b363403e579459a7954c4564c950041327c755c
- SHA256
  
  85f7f26cd9cfb9ab367d083f60b48e1594b1eadf8dd1a792c347273684855013
- SHA512
  
  7d7ff21e01c5ede70104f2819c3d61056df222ad6943bb257c1dfa38ff9d4f8b2da070b97847f8b76a5e881e99c10db754334022a3f9eb4f12ffcc4e3f0bbbb5
- SSDEEP
  
  12288:fWmfDfxt7J0iJKfJDbV5wPw2a7iLv1/L5le289QgM8B:72RfJW1Ciblvng
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy