snakekeylogger | 27fccd17dfc39aa9d29b5129d4f086b7ed9c361915ab2d900cb55c268ae4bb03 | Triage

Submit
Reports

Overview

overview

Static

static

3

FACTURA PR...df.exe

windows7-x64

FACTURA PR...df.exe

windows10-2004-x64

Sharing

General

Target

27fccd17dfc39aa9d29b5129d4f086b7ed9c361915ab2d900cb55c268ae4bb03
Size

723KB
Sample

250122-2qyrcszkex
MD5

e746ce2ccab3609546fa0f7b13b77ae4
SHA1

a36ed7bcff2d31eb8f4e637f35ba7e6c9e9c2adc
SHA256

27fccd17dfc39aa9d29b5129d4f086b7ed9c361915ab2d900cb55c268ae4bb03
SHA512

7af40347968f67f29cbc2a638e267f7813d15a9b6c40bf16a505b557bc52ea20bccfe9e978d1dcbfbdddb6841ba7ea3bfc9ae988574a4db65064e190f8ac2c13
SSDEEP

12288:G8iJqFMTC3DQA+YK0WdVGvXYOET1U7ihlZvfUP6p08ujEnJgjNHHYiVLTcSkvJ+M:G8MTiDQFiWPYXY0if5fm6yr4nuvYB5X

Score

10^/10

snakekeylogger collection discovery execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

FACTURA PROFORMA pdf.exe

Resource

win7-20241010-en

snakekeylogger collection discovery execution keylogger stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

FACTURA PROFORMA pdf.exe

Resource

win10v2004-20241007-en

snakekeylogger collection discovery execution keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7979504653:AAFm_-f-R46w_TvBkt1kfgnnTRSttNIPYiY/sendMessage?chat_id=5600682828

Targets

- Target
  
  FACTURA PROFORMA pdf.exe
- Size
  
  826KB
- MD5
  
  708b864fcebfe235752eeb2c5ccff0c8
- SHA1
  
  61295aeeb9d0fca8d778d85878d4ba3ec927b354
- SHA256
  
  6a2167c7c8ec6a6101465cb228421143cf18abf246a898cbdc6026b9824f205f
- SHA512
  
  9f9f2138d9978228164e93e19b09bc79aa306d282d3abcac5d85430e4551c6e3e78b2ab6e0a9feae7c451076e71c34d2dcc60650345ff79b44fa52cba88bd824
- SSDEEP
  
  12288:xBHINMAgeY0uLVgtXYIEv1G7QTlLLfUZEp08aJE231XW9xc645v:bHEMpoupaXYmQhffKEy9OK1Uw5v
Score

10^/10

snakekeylogger collection discovery execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

behavioral2

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2025

Terms | Privacy