snakekeylogger | 4d89b6fc60ffaa84af321fb2120185994a22605d80d175d71c5780e753d3ec8d | Triage

Submit
Reports

Overview

overview

Static

static

1

4d89b6fc60...8d.vbe

windows7-x64

8

4d89b6fc60...8d.vbe

windows10-2004-x64

Sharing

General

Target

4d89b6fc60ffaa84af321fb2120185994a22605d80d175d71c5780e753d3ec8d.vbe
Size

11KB
Sample

240925-b3922sxdln
MD5

f2ba7d3b3cdabd02dbcccb1174088b1d
SHA1

dbc02a29b2b042af0b988c698be5be7885e127c1
SHA256

4d89b6fc60ffaa84af321fb2120185994a22605d80d175d71c5780e753d3ec8d
SHA512

876f7a01b9abbaaf7dff88e16a362eafa5ba13b9031c1d6cfef195b426e89c4a287c26d717320886a225d7904aca3635bf3a6a8f2286a5d89bfadb0b330da154
SSDEEP

192:lwZ1ZSTlbLJya3RGALtUtNG7YkGEY9CNsRXX1SAkt0pdzea1iGDcgjK:6rITlbz3L5UtNGWEYCNsRXX1medzL1iZ

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

4d89b6fc60ffaa84af321fb2120185994a22605d80d175d71c5780e753d3ec8d.vbe

Resource

win7-20240903-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4d89b6fc60ffaa84af321fb2120185994a22605d80d175d71c5780e753d3ec8d.vbe

Resource

win10v2004-20240910-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
bisttro.shop
Port:
587
Username:
[email protected]
Password:
W79cDo2h05Iv
Email To:
[email protected]

Targets

- Target
  
  4d89b6fc60ffaa84af321fb2120185994a22605d80d175d71c5780e753d3ec8d.vbe
- Size
  
  11KB
- MD5
  
  f2ba7d3b3cdabd02dbcccb1174088b1d
- SHA1
  
  dbc02a29b2b042af0b988c698be5be7885e127c1
- SHA256
  
  4d89b6fc60ffaa84af321fb2120185994a22605d80d175d71c5780e753d3ec8d
- SHA512
  
  876f7a01b9abbaaf7dff88e16a362eafa5ba13b9031c1d6cfef195b426e89c4a287c26d717320886a225d7904aca3635bf3a6a8f2286a5d89bfadb0b330da154
- SSDEEP
  
  192:lwZ1ZSTlbLJya3RGALtUtNG7YkGEY9CNsRXX1SAkt0pdzea1iGDcgjK:6rITlbz3L5UtNGWEYCNsRXX1medzL1iZ
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy