snakekeylogger | 5f6f6e5a9d8b8e79cbe0992b097472a40e3c47c7a131c18c39c2773dcb7f0fc3

General

Target

25012025_0231_23012025_DETAYLAR.r00
Size

585KB
Sample

250125-czt24asmgm
MD5

c1e210fed77e4ac01e427c238102dba5
SHA1

7c2f1e997e7b292d86422e65b7dce70b9222164b
SHA256

5f6f6e5a9d8b8e79cbe0992b097472a40e3c47c7a131c18c39c2773dcb7f0fc3
SHA512

d7550eb819820d477e89117abc6b75d0252a728e11a642f03ebe8c0549f0d61a487d927650ac52eae9bcd1f6d7f66edb4bc8688f2a581549f83ec48b03e2ed1a
SSDEEP

12288:R0WlcwrmMU4CFhfVMdvLj529cy4eN3DOf5ILt8wu:BG0U5fVUzjWvuILtZu

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8061096285:AAEYYo-FdY3VzqcT3L8EdN5KV_wk8MmCyiw/sendMessage?chat_id=6557702940

Targets

- Target
  
  DETAYLAR.exe
- Size
  
  937KB
- MD5
  
  e6b56e94b3f34e54f67fcda4fd5b9840
- SHA1
  
  c7e1b2a8bca28b118c62a756953454c4603ac81a
- SHA256
  
  a00d51621c4254d7e20b8afe9288757bd53d984b9afe143e45f5a18f6f5c636d
- SHA512
  
  5b4ffdd7757da93037b34164b3e6a38baf1fbbf78e9832408b75c9d14256b16a39925a24991af9a6966071cbbc28045f97664db9189e4a91d777f67890a47a57
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaCRZ9o1lrrukJ3sySo1emahSjh:7JZoQrbTFZY1iaCf4rrukeLcemUSjh
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2