snakekeylogger | ed1420f9f2247b8c6d968787af2dc71266abd66a282f7103a6525113e3084a59 | Triage

Submit
Reports

Overview

overview

Static

static

3

PAGO SWIFT...df.exe

windows7-x64

PAGO SWIFT...df.exe

windows10-2004-x64

Sharing

General

Target

ed1420f9f2247b8c6d968787af2dc71266abd66a282f7103a6525113e3084a59
Size

584KB
Sample

250127-wfemvazmfx
MD5

b1252ec208fb9065afc44c43da6b258f
SHA1

da465232b8083749cf0c2702c3babe3880cee83a
SHA256

ed1420f9f2247b8c6d968787af2dc71266abd66a282f7103a6525113e3084a59
SHA512

6f5a5206c851585e738c45a8a74112f9d564ef89e3646c0319aa29e2b93b6be821afec71b8c2d2bd5d67457c685a2f6bb6faf52b8086067e20acc1c776cb1ef5
SSDEEP

12288:F/zbniaP9LTnr5FMQbi7SSZ++SGsOwk8pT+UZFvTPsBiOm25UFgcBZT3O5:F/viaPVnr5FMQbi7SSuOwk2dLsNo/BZG

Score

10^/10

snakekeylogger collection discovery execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PAGO SWIFT pdf.exe

Resource

win7-20240903-en

snakekeylogger collection discovery execution keylogger stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

PAGO SWIFT pdf.exe

Resource

win10v2004-20241007-en

snakekeylogger collection discovery execution keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7979504653:AAFm_-f-R46w_TvBkt1kfgnnTRSttNIPYiY/sendMessage?chat_id=5600682828

Targets

- Target
  
  PAGO SWIFT pdf.exe
- Size
  
  869KB
- MD5
  
  a1279890aeb8abe7f5f043b844c37610
- SHA1
  
  f499167373d11cfd9f006e32ba493dea460876cf
- SHA256
  
  ac3e59d452c9afd22e61846b9f5d1b475c0fb1e9ee0a890dea660a61280bce57
- SHA512
  
  54a0b3563ccb793e1940b2b18989b39e99feee47b4f180d569ded5f8e848f70c18e0e4a1f83ac5dd3250f5852d77138ded558f5ec71e8445456002f9709d111c
- SSDEEP
  
  12288:xd0N/PDnN55KQbbjQZEiAGaYwUyNLIUZBvTPEviFZEhmDL1xIrZlXXLRuAUY6IkB:r0BLnN55KQbnQEYwUsDLEIE0D
Score

10^/10

snakekeylogger collection discovery execution keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

behavioral2

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2025

Terms | Privacy