snakekeylogger | bf1431729b178e2119eb045cb2392d2ad6dfab5415a560691696aba9813521b2 | Triage

Submit
Reports

Overview

overview

Static

static

3

QTE070624.scr

windows7-x64

3

QTE070624.scr

windows10-2004-x64

Sharing

General

Target

bf1431729b178e2119eb045cb2392d2ad6dfab5415a560691696aba9813521b2
Size

24KB
Sample

240923-cqjvrstejn
MD5

8d8555c5f875773f518f370b7c6385de
SHA1

2e21f77f006be3fb2bc6c82eff1789ca301785c4
SHA256

bf1431729b178e2119eb045cb2392d2ad6dfab5415a560691696aba9813521b2
SHA512

8dfc3e11a36a121b8860ece2eea0ff32d04589829264178f917a129b639d5e16313bb589a14bc6ebc06323d98a78a826834f1a438323b80e4d374f30bbb9b873
SSDEEP

384:iWsJSmuNWqgbRV3gLPGrizDCEVVKrPaBafVzeZsWRKD1/U1aMhIWZ30sVVI:i3XM6QCUVeS2NaK6wMhIGbXI

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QTE070624.scr

Resource

win7-20240708-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

QTE070624.scr

Resource

win10v2004-20240802-en

snakekeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7662274889:AAGmLpUAq41adIZH12LVtlSBknhfnx9iQ2g/sendMessage?chat_id=2052461776

Targets

- Target
  
  QTE070624.scr
- Size
  
  63KB
- MD5
  
  8e63d622b3d98045059d3ef8f59801ff
- SHA1
  
  dc81dc1a0b0e0976c74e21a1ba14a2026dec9149
- SHA256
  
  d8d9cbe722dfe8c0b15c418a13e8dd624935466783ecb271d2ed5a747abd30fe
- SHA512
  
  6f66d4369e940d89d34b25e4292698df8e7e4857bb0fa723636f5f5092b144bf1a0340c5a7b731794a599c814360f0896508235add90f3c068c7aff52e612dbd
- SSDEEP
  
  768:NcIzUujKOmIpfafTD4r22P8AdEEA/eDAxFVJiC9KGAZMn8clZZ+QE6J:rvjK5iyA22P8AuEAGCVJiC8GAaZbE6J
Score

10^/10

discovery snakekeylogger collection credential_access keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy