snakekeylogger | 3820389e70949b0e96f2455ad59c3d7e5c28e68b8ae152daa07f594de5486c8f | Triage

Submit
Reports

Overview

overview

Static

static

3

85f7f26cd9...13.exe

windows7-x64

85f7f26cd9...13.exe

windows10-2004-x64

Sharing

General

Target

3820389e70949b0e96f2455ad59c3d7e5c28e68b8ae152daa07f594de5486c8f
Size

513KB
Sample

240925-vf6kwswerm
MD5

732c2b932a0b67bb0adbfeb6c7dfba89
SHA1

9783d527426825d23712dca6c9fcd21ded3b072a
SHA256

3820389e70949b0e96f2455ad59c3d7e5c28e68b8ae152daa07f594de5486c8f
SHA512

c61e5cb7230e32c9fb8d01c3ae82da2bcfc5c3c058b947ae4380537aa5c6fb14e2b9dd4a5f0718722ae49789cabb40e4a8e999b2670e78ff1cd8717f27d0db69
SSDEEP

12288:B79S4Vm0Xbebkp/ymFtA2mEWg3WhW24dQ2b4cvQ:B7AQLebkpamFPmEWg3mrVwvQ

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

85f7f26cd9cfb9ab367d083f60b48e1594b1eadf8dd1a792c347273684855013.exe

Resource

win7-20240903-en

snakekeylogger collection credential_access discovery keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

85f7f26cd9cfb9ab367d083f60b48e1594b1eadf8dd1a792c347273684855013.exe

Resource

win10v2004-20240802-en

snakekeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.stilltech.ro
Port:
587
Username:
[email protected]
Password:
eurobit555ro
Email To:
[email protected]

Targets

- Target
  
  85f7f26cd9cfb9ab367d083f60b48e1594b1eadf8dd1a792c347273684855013.exe.bin
- Size
  
  830KB
- MD5
  
  2c4ce1a8eaabb150842428fad62d3aa5
- SHA1
  
  3b363403e579459a7954c4564c950041327c755c
- SHA256
  
  85f7f26cd9cfb9ab367d083f60b48e1594b1eadf8dd1a792c347273684855013
- SHA512
  
  7d7ff21e01c5ede70104f2819c3d61056df222ad6943bb257c1dfa38ff9d4f8b2da070b97847f8b76a5e881e99c10db754334022a3f9eb4f12ffcc4e3f0bbbb5
- SSDEEP
  
  12288:fWmfDfxt7J0iJKfJDbV5wPw2a7iLv1/L5le289QgM8B:72RfJW1Ciblvng
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy