snakekeylogger | 33631395a384f6e9324a449e1a128273258f3dcc7702399b4e1c3614e2e53ac5 | Triage

Submit
Reports

Overview

overview

Static

static

5

Shipping D...df.exe

windows7-x64

Shipping D...df.exe

windows10-2004-x64

Sharing

General

Target

db606e13-f9f7-41f0-0f08-08dcd6ba77fc.arj
Size

643KB
Sample

240918-jnbjyazdpf
MD5

6e4ae34c73751b343355ae342864c4da
SHA1

5a4a781062e16fffaad56abb6ec58d06cd7cce9a
SHA256

33631395a384f6e9324a449e1a128273258f3dcc7702399b4e1c3614e2e53ac5
SHA512

4bc803f83a5d7a5482684b7019c5ca85d045f2327f26e8339dddd03358c4871d11e0decb0890b9f728ee369b0456aec78594b85b440d6a894d28f8bf221f5c7f
SSDEEP

12288:DCLWkiNtbsCCje39cdViQAICUTKSTeT/pgRIgqMTB775ZRnskPcvjk9mcCZqyY:mkNaCC/7HNjBp75vZcVrY

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Shipping Documents_Pdf.exe

Resource

win7-20240729-en

snakekeylogger collection credential_access discovery keylogger stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Shipping Documents_Pdf.exe

Resource

win10v2004-20240802-en

snakekeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.al-subai.com
Port:
587
Username:
[email protected]
Password:
A_Sadek1962
Email To:
[email protected]

Targets

- Target
  
  Shipping Documents_Pdf.exe
- Size
  
  1.0MB
- MD5
  
  555219b2b681da0f48f4c2394ee04855
- SHA1
  
  96f59a675baeb6f6a363920abff8906cb17350d4
- SHA256
  
  69b55bbf73f29774d66ed8da3c99673da991632f347fd99b2a200aee80aebf7b
- SHA512
  
  81938c46020ab3f906809f7eadd321eabc177248c8064ee35fca69ce868017af0d44091cabe687f17961fdedf0fec36e39cecf6dbc2d9d33ba2e52529656bf32
- SSDEEP
  
  24576:pRmJkcoQricOIQxiZY1iaajkdBz28cdmUu/Zj6l/NYG:mJZoQrbTFZY1iaikGMbj6l/qG
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy