snakekeylogger | 14d75bf0f922ed0de2b05334b3eedeb1f762347f198b0b36c3c56807cfe34e3d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

Shipping D...df.exe

windows7-x64

Shipping D...df.exe

windows10-2004-x64

Sharing

General

Target

14d75bf0f922ed0de2b05334b3eedeb1f762347f198b0b36c3c56807cfe34e3d
Size

580KB
Sample

241013-j1px4awepf
MD5

50a72bdb6e0977bf055acaab04f857c0
SHA1

a8968ae6909ff8e093bab35ebfebb629c767d016
SHA256

14d75bf0f922ed0de2b05334b3eedeb1f762347f198b0b36c3c56807cfe34e3d
SHA512

1f8a7a53c89cff4090699018ee412f41687306c8f6545fc3090b4dbddb81e39aacd080059239cd39afec5313f129794ebb8d2903e4f79d4e16b2b6d969e0d116
SSDEEP

12288:004EpvXkzZIwNLllXQaw5I9ncDl5ixr+oqwByRPGGClvCfWN44:004waIKRQazncDlw+oXv+IV

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Shipping Documents_pdf.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Shipping Documents_pdf.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.al-subai.com
Port:
587
Username:
[email protected]
Password:
A_Sadek1962
Email To:
[email protected]

Targets

- Target
  
  Shipping Documents_pdf.exe
- Size
  
  1.1MB
- MD5
  
  d696ff10344001019fdba47183cc496c
- SHA1
  
  2c2c34a60253de99e5b46e999877cd84ef9964f5
- SHA256
  
  edd9ba7dee624d71aca582cd72c90bb9cf739eb6e21f822368a5a5eb9e7d5bf6
- SHA512
  
  a7de62d8d78116751a0c43eac93c986d87d80c20c027a88881f51b1d305e8029f4cfba6be21e7b426785a5efd37ea401096a341461a8286edb3d006dbcb1cbf0
- SSDEEP
  
  24576:PCdxte/80jYLT3U1jfsWa71UCbzeA6tiSS5Q:Ow80cTsjkWaBXOVd
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy