snakekeylogger | 030c16ffccb55c4a06c3b93d11390e7b2c5b218e220594d45c9fb02f622b856c | Triage

Submit
Reports

Overview

overview

Static

static

3

ZamwienieZ...cr.exe

windows7-x64

1

ZamwienieZ...cr.exe

windows10-2004-x64

Sharing

General

Target

ZamwienieZ22012914_pdf.scr.exe
Size

30KB
Sample

250131-jffhxs1rcq
MD5

a3ca0227df6bd50b5003370490c34291
SHA1

4ad313dd3ffb98b09b64b60d7917e7a23f9215f9
SHA256

030c16ffccb55c4a06c3b93d11390e7b2c5b218e220594d45c9fb02f622b856c
SHA512

26c5b2d581d3b4fcb9a9de5b5788aad5a5aea1e565686238e5cc25a011bd6e99e80ccf78f09d9792182233059deb6e31164cb3282d014c5269e01411a1b4021b
SSDEEP

768:pA+1wxzNk46+kBeNpTBZGPz4y/FL7BykIB:pl1wfu+kBeNLuZBykW

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ZamwienieZ22012914_pdf.scr.exe

Resource

win7-20241010-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

ZamwienieZ22012914_pdf.scr.exe

Resource

win10v2004-20250129-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.haselayakkabi.com.tr
Port:
25
Username:
[email protected]
Password:
Ydj5DCO%
Email To:
[email protected]

Targets

- Target
  
  ZamwienieZ22012914_pdf.scr.exe
- Size
  
  30KB
- MD5
  
  a3ca0227df6bd50b5003370490c34291
- SHA1
  
  4ad313dd3ffb98b09b64b60d7917e7a23f9215f9
- SHA256
  
  030c16ffccb55c4a06c3b93d11390e7b2c5b218e220594d45c9fb02f622b856c
- SHA512
  
  26c5b2d581d3b4fcb9a9de5b5788aad5a5aea1e565686238e5cc25a011bd6e99e80ccf78f09d9792182233059deb6e31164cb3282d014c5269e01411a1b4021b
- SSDEEP
  
  768:pA+1wxzNk46+kBeNpTBZGPz4y/FL7BykIB:pl1wfu+kBeNLuZBykW
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy