snakekeylogger | 6b1c2144b4fde66439a0632914f1548b922fc251a3889c445d2d68c64c80bb06 | Triage

Submit
Reports

Overview

overview

Static

static

3

Faktura VA... .scr

windows7-x64

1

Faktura VA... .scr

windows10-2004-x64

Sharing

General

Target

02022025_1233_Faktura VAT-FV2025013100092_pdf .scr.iso
Size

90KB
Sample

250202-pq936s1qbz
MD5

ec2e5e78cb9f96d6fc884ebe21c2ff78
SHA1

f45d6d685598bdf3da6e436fa9b34fa1f33b21ee
SHA256

6b1c2144b4fde66439a0632914f1548b922fc251a3889c445d2d68c64c80bb06
SHA512

73441246451a96e0eadf178b194b2aedc8b673c7e7ddb499fe5721ef0e65a55d563a167411d9e682a9bbf942027bbebb5b29ab75882a7527a16d77fb042cde20
SSDEEP

768:SfEtDBZdaNLXc0oZKNuPYlmwK3xKeL7BykIM:wEtDBZdqLcNgcYYTbBykr

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Faktura VAT-FV2025013100092_pdf .scr

Resource

win7-20240903-en

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

Faktura VAT-FV2025013100092_pdf .scr

Resource

win10v2004-20250129-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.haselayakkabi.com.tr
Port:
25
Username:
[email protected]
Password:
Ydj5DCO%
Email To:
[email protected]

Targets

- Target
  
  Faktura VAT-FV2025013100092_pdf .scr
- Size
  
  30KB
- MD5
  
  0e5971e91dd1db9deb1fb0423dfb7f86
- SHA1
  
  77550fc14cc113302e033b388af34e325b3cffa3
- SHA256
  
  9a46f9b65992fa05b30ff12b672bcc3c2bb9eb4a1ed3b18c41ab00912fa1ffef
- SHA512
  
  6aa1fc7cf57c872dbb5b2c6afc42cebb5c6acad1f8c9c939690529c931c780eb6b13e0a0ac4dce90c2b6a325334b3dbf2b7273564379c8eb5d4a9a2ad20f0e55
- SSDEEP
  
  768:zEtDBZdaNLXc0oZKNuPYlmwK3xKeL7BykIM:zEtDBZdqLcNgcYYTbBykr
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy