snakekeylogger | 4b3c8a95989759a99c7fee79f793ea2787526f0795d3382fe0c63143680e9ea4 | Triage

Submit
Reports

Overview

overview

Static

static

5

4b3c8a9598...a4.exe

windows7-x64

4b3c8a9598...a4.exe

windows10-2004-x64

Sharing

General

Target

4b3c8a95989759a99c7fee79f793ea2787526f0795d3382fe0c63143680e9ea4.exe
Size

1.0MB
Sample

241221-1wkags1kcw
MD5

0989a40e96ee1108296ce64b2fbf415c
SHA1

fd63bfc7440e688185727dec066fa5122baeef75
SHA256

4b3c8a95989759a99c7fee79f793ea2787526f0795d3382fe0c63143680e9ea4
SHA512

968ae56145fe1bb91660a2f4f91478f319db30420c7ba97edbfeea9d505ca769fa4a19420022affb60aca2a2f3e8d9b4d589bc448994e38dc233fa2fac1d0dfb
SSDEEP

24576:qqDEvCTbMWu7rQYlBQcBiT6rprG8ax6YEjTi0:qTvC/MTQYxsWR7ax43r

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4b3c8a95989759a99c7fee79f793ea2787526f0795d3382fe0c63143680e9ea4.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

4b3c8a95989759a99c7fee79f793ea2787526f0795d3382fe0c63143680e9ea4.exe

Resource

win10v2004-20241007-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8124248958:AAHHSH6MqAJrQq3xcmINDov2O7_xgCmxgPE/sendMessage?chat_id=5808310347

Targets

- Target
  
  4b3c8a95989759a99c7fee79f793ea2787526f0795d3382fe0c63143680e9ea4.exe
- Size
  
  1.0MB
- MD5
  
  0989a40e96ee1108296ce64b2fbf415c
- SHA1
  
  fd63bfc7440e688185727dec066fa5122baeef75
- SHA256
  
  4b3c8a95989759a99c7fee79f793ea2787526f0795d3382fe0c63143680e9ea4
- SHA512
  
  968ae56145fe1bb91660a2f4f91478f319db30420c7ba97edbfeea9d505ca769fa4a19420022affb60aca2a2f3e8d9b4d589bc448994e38dc233fa2fac1d0dfb
- SSDEEP
  
  24576:qqDEvCTbMWu7rQYlBQcBiT6rprG8ax6YEjTi0:qTvC/MTQYxsWR7ax43r
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy