snakekeylogger | 801f1738b260abd0cc0cb625b991279b4d65ce927122bac2c24450642726d4b4 | Triage

Submit
Reports

Overview

overview

Static

static

3

New Requir...em.exe

windows7-x64

New Requir...em.exe

windows10-2004-x64

Sharing

General

Target

801f1738b260abd0cc0cb625b991279b4d65ce927122bac2c24450642726d4b4
Size

558KB
Sample

250128-eb24xawqck
MD5

a61fb9a5bc779b14f493f1795b9a838b
SHA1

736415293a228503422622686665c97ceb1a833f
SHA256

801f1738b260abd0cc0cb625b991279b4d65ce927122bac2c24450642726d4b4
SHA512

ca1e9eaa6bc4e0cdf99664467352f3ecb6f0b18ddcedc23e7f20c74b28d9be04233881d4c09cbfd56bdc6df3258359428e962d192a20a721722d262f166459f9
SSDEEP

12288:XrnzBFDl3k//4nlOeZZFFEg6YU90ZMQ1aEZsHb2XhxD6J/gqyDklrxbBP:HB3O/MOejFFX6NfQovHbYhR6dLCklbP

Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New Required Data for Descaling System.exe

Resource

win7-20241010-en

snakekeylogger collection discovery keylogger spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

New Required Data for Descaling System.exe

Resource

win10v2004-20241007-en

snakekeylogger collection discovery keylogger spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7817497413:AAH6fX2oZGM3XzbbIU69SVEGO80t6mDhjdU/sendMessage?chat_id=1695799026

Targets

- Target
  
  New Required Data for Descaling System.exe
- Size
  
  675KB
- MD5
  
  1b8d77ea9fe74c35a330ecd098c622e5
- SHA1
  
  354b24042d43e892f6088dedf54081903b247479
- SHA256
  
  e9db3a8e0762d2178a6a7acb37f8d11e448ef6d58462e0f12eb1f06ff36299ae
- SHA512
  
  8bdf42c801823c356712c939aef07e6c7fe135d3b5e0bc866d98ca5ef9446f07bc24a41ad3b8339516da1d14810a8d7196d8a9cc6985c051cbec005afb22285f
- SSDEEP
  
  12288:srTY00jwPzkZmXlVVOeoPY+0p9XhA/lZtWKi2XhxP6J/Fzknp0:srTdHQm1/OeoPYpp9RAdCKiYh56dFgm
Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

behavioral2

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

© 2018-2025

Terms | Privacy