snakekeylogger | 805fb7de61b3cf5af10f0e090cb03ce0b7fa7c7cb160ddaa285481e6cd5b8b44 | Triage

Submit
Reports

Overview

overview

Static

static

3

805fb7de61...44.exe

windows7-x64

3

805fb7de61...44.exe

windows10-2004-x64

Sharing

General

Target

805fb7de61b3cf5af10f0e090cb03ce0b7fa7c7cb160ddaa285481e6cd5b8b44.exe
Size

9KB
Sample

241018-chyc7azgmd
MD5

bf3e6a24ef1d06cebf8e0c9930f352aa
SHA1

9e581034223ffb6f9a5f7af813c2967701ad426d
SHA256

805fb7de61b3cf5af10f0e090cb03ce0b7fa7c7cb160ddaa285481e6cd5b8b44
SHA512

18b908f7634a9c7b9afd8e19469521dff6fc7b6e102450810c742f2e8fb1f45750ea04ec5e385b71360da249a0c9133016e4416acbb0e90077382b3c04fc8fa4
SSDEEP

192:tDhHj0XMZpjsb6mvUT59gcaW7p35Yw55oY0kN5J/K:rHUGpauzgcn7p35d5gq

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

805fb7de61b3cf5af10f0e090cb03ce0b7fa7c7cb160ddaa285481e6cd5b8b44.exe

Resource

win7-20241010-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

805fb7de61b3cf5af10f0e090cb03ce0b7fa7c7cb160ddaa285481e6cd5b8b44.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7662274889:AAGmLpUAq41adIZH12LVtlSBknhfnx9iQ2g/sendMessage?chat_id=2052461776

Targets

- Target
  
  805fb7de61b3cf5af10f0e090cb03ce0b7fa7c7cb160ddaa285481e6cd5b8b44.exe
- Size
  
  9KB
- MD5
  
  bf3e6a24ef1d06cebf8e0c9930f352aa
- SHA1
  
  9e581034223ffb6f9a5f7af813c2967701ad426d
- SHA256
  
  805fb7de61b3cf5af10f0e090cb03ce0b7fa7c7cb160ddaa285481e6cd5b8b44
- SHA512
  
  18b908f7634a9c7b9afd8e19469521dff6fc7b6e102450810c742f2e8fb1f45750ea04ec5e385b71360da249a0c9133016e4416acbb0e90077382b3c04fc8fa4
- SSDEEP
  
  192:tDhHj0XMZpjsb6mvUT59gcaW7p35Yw55oY0kN5J/K:rHUGpauzgcn7p35d5gq
Score

10^/10

discovery snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy