snakekeylogger | 3043832793eb15ccc15c94885b5b7d0304e6e173e2038de3eff1446bd72d902f | Triage

Submit
Reports

Overview

overview

Static

static

3

Invoice#20... .scr

windows7-x64

7

Invoice#20... .scr

windows10-2004-x64

Sharing

General

Target

31012025_0154_Invoice#2002668-Invoice#2002668_pdf .scr.iso
Size

438KB
Sample

250131-cbz87sxlgw
MD5

0b405b6d36d3723e1a431a007e452ddd
SHA1

383dd9facc10b923c1c8d557b9e69bb4a0d04cfe
SHA256

3043832793eb15ccc15c94885b5b7d0304e6e173e2038de3eff1446bd72d902f
SHA512

461f262d292940681a56745b16c84bff4c39ee0657ee3e57f81076ad15545491f0f6da30435324f9c55712ed7eb7d10ecf4a2d94a8263e47259a3658eee3ef38
SSDEEP

6144:TRSqYzjhWnqRxS5xtUTH15PGFSSOdxtnON+ANZj9NOnm5xxxx:YzjhAqRyxwZ3MNOnm

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Invoice#2002668/Invoice#2002668_pdf .scr

Resource

win7-20241023-en

windows7-x64

4 signatures

300 seconds

Behavioral task

behavioral2

Sample

Invoice#2002668/Invoice#2002668_pdf .scr

Resource

win10v2004-20241007-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.yorkmarine.ae
Port:
25
Username:
[email protected]
Password:
gpssa@yorkmarine
Email To:
[email protected]

Targets

- Target
  
  Invoice#2002668/Invoice#2002668_pdf .scr
- Size
  
  374KB
- MD5
  
  cf48f8e673aea5fec287be972fe41bd9
- SHA1
  
  e0c4988c4726f6a8267484389e94e77d5dcb68dc
- SHA256
  
  03c05594de8443bee3f59e7d905ead514721464c3388584975cb5217af2afcbf
- SHA512
  
  a5f18f0e3ab0b438127dc42540bc6c4b53e55cedf7ba81610c62e99dfaa40f2869f97f2a1d8238a0447bac32d8cbe518dcb2cfd2fbc8d16b35aeca10d8341312
- SSDEEP
  
  6144:oRSqYzjhWnqRxS5xtUTH15PGFSSOdxtnON+ANZj9NOnm5xxxx:JzjhAqRyxwZ3MNOnm
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy