snakekeylogger | ade287056a35378aa396ca400b0a39e2566d566612313a33edf89731ecce8bf5 | Triage

Submit
Reports

Overview

overview

Static

static

5

Payment Slip_Pdf.exe

windows7-x64

Payment Slip_Pdf.exe

windows10-2004-x64

Sharing

General

Target

b648a4b84b3e48bb3a7f08dcd7a81a2a.arj
Size

640KB
Sample

240918-x1wyasydpc
MD5

b8a367e421210b9dca806bdc10c3a215
SHA1

54e7432c0f2ff07a96c74f0acb4172811de463dd
SHA256

ade287056a35378aa396ca400b0a39e2566d566612313a33edf89731ecce8bf5
SHA512

1aed527abc6cb3606fb77914a0bcf5225ee726f794479d7ee52f248b8c0c845bf1a8f89289946d84a0677309d6716a5ecb4cabf5b08b7660fde80f3b173a9fef
SSDEEP

12288:DCLWkiNtbsCCje39cdViQAIKVsMSi6fjUlwEVHphcnOkM:mkNaCC/7HIsh1f4+EZP9

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Payment Slip_Pdf.exe

Resource

win7-20240903-en

snakekeylogger collection credential_access discovery keylogger stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment Slip_Pdf.exe

Resource

win10v2004-20240802-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.al-subai.com
Port:
587
Username:
[email protected]
Password:
A_Sadek1962
Email To:
[email protected]

Targets

- Target
  
  Payment Slip_Pdf.exe
- Size
  
  1.0MB
- MD5
  
  cbc85c6e67d54fbd245e715137333f99
- SHA1
  
  92225d2d10b0894eb9aea75ad9e5d6a230c5d290
- SHA256
  
  5911349922ae05bdb94047a5ac5c6070b79583380a277e88ecf9d74ba7a0d851
- SHA512
  
  fe09671717697c95ea45ab4c08e76e33d6709d59fa217301c4fe0ba097aa71a4f13386e6d8eb0494ed91f87fd1b24da402c89e1d9ebc8618286914f887944427
- SSDEEP
  
  24576:pRmJkcoQricOIQxiZY1iaajV1YVEpIxurZh/L0:mJZoQrbTFZY1iaiXYqpxVhw
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy