snakekeylogger | 6cf9aa51125a08f16c022984cf2f1bdc54831ca42b68854706acdd5e3c6dfaab | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

6cf9aa5112...ab.vbe

windows7-x64

8

6cf9aa5112...ab.vbe

windows10-2004-x64

Sharing

General

Target

6cf9aa51125a08f16c022984cf2f1bdc54831ca42b68854706acdd5e3c6dfaab.vbe
Size

10KB
Sample

240921-n42taa1brg
MD5

1bfbb8267511f5aa010a24eea8797445
SHA1

cdd1e3a4461537c7699ba7936612de22c86a39fc
SHA256

6cf9aa51125a08f16c022984cf2f1bdc54831ca42b68854706acdd5e3c6dfaab
SHA512

32d8c347abb8335e50b16e19142d7cd7ea6922e064a15f3ba766015975ae3d2b062c8b82a7f6f97a3384762987c7d406bde4229b2976fb1c6d6d7aa1157323d9
SSDEEP

192:xzNM3lLrcABBqcDsPdSuXZlzrZ7gmUWoZl5WYleLMl/1uw5YOAxJ2HIK:FNElLAAKjBLf1UWobPlwMl/mcHp

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

6cf9aa51125a08f16c022984cf2f1bdc54831ca42b68854706acdd5e3c6dfaab.vbe

Resource

win7-20240903-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6cf9aa51125a08f16c022984cf2f1bdc54831ca42b68854706acdd5e3c6dfaab.vbe

Resource

win10v2004-20240802-en

snakekeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
bisttro.shop
Port:
587
Username:
sendqpostal@bisttro.shop
Password:
W79cDo2h05Iv
Email To:
postal@bisttro.shop

Targets

- Target
  
  6cf9aa51125a08f16c022984cf2f1bdc54831ca42b68854706acdd5e3c6dfaab.vbe
- Size
  
  10KB
- MD5
  
  1bfbb8267511f5aa010a24eea8797445
- SHA1
  
  cdd1e3a4461537c7699ba7936612de22c86a39fc
- SHA256
  
  6cf9aa51125a08f16c022984cf2f1bdc54831ca42b68854706acdd5e3c6dfaab
- SHA512
  
  32d8c347abb8335e50b16e19142d7cd7ea6922e064a15f3ba766015975ae3d2b062c8b82a7f6f97a3384762987c7d406bde4229b2976fb1c6d6d7aa1157323d9
- SSDEEP
  
  192:xzNM3lLrcABBqcDsPdSuXZlzrZ7gmUWoZl5WYleLMl/1uw5YOAxJ2HIK:FNElLAAKjBLf1UWobPlwMl/mcHp
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.