snakekeylogger | 30c4337662cb4e4f3a850b22075a4354642552c136839a2282139d3e20ad59bc | Triage

Submit
Reports

Overview

overview

Static

static

3

Inquiry I... .scr

windows7-x64

1

Inquiry I... .scr

windows10-2004-x64

Sharing

General

Target

02022025_1236_Inquiry IP250009 AF2506595_pdf .scr.iso
Size

90KB
Sample

250202-pszp8a1qht
MD5

0be00e4ad3ceaa683cf8ea3dfbbb9068
SHA1

da4fd004e85104086dc2a5a7c1f7313b79ee15b2
SHA256

30c4337662cb4e4f3a850b22075a4354642552c136839a2282139d3e20ad59bc
SHA512

4edda3df6d9a3caca10b3c9b9a70112d72b5de0a06d41124c8d7e2e5f3d9ee704665af134724469026a900dee51d17016db0a3314f054995ca894fb3b171aaec
SSDEEP

768:RFEtDBZdaNLXc0oZKNuPYlmwK3xKeL7BykIM:zEtDBZdqLcNgcYYTbBykr

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Inquiry IP250009 AF2506595_pdf .scr

Resource

win7-20240903-en

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

Inquiry IP250009 AF2506595_pdf .scr

Resource

win10v2004-20250129-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.haselayakkabi.com.tr
Port:
25
Username:
[email protected]
Password:
Ydj5DCO%
Email To:
[email protected]

Targets

- Target
  
  Inquiry IP250009 AF2506595_pdf .scr
- Size
  
  30KB
- MD5
  
  0e5971e91dd1db9deb1fb0423dfb7f86
- SHA1
  
  77550fc14cc113302e033b388af34e325b3cffa3
- SHA256
  
  9a46f9b65992fa05b30ff12b672bcc3c2bb9eb4a1ed3b18c41ab00912fa1ffef
- SHA512
  
  6aa1fc7cf57c872dbb5b2c6afc42cebb5c6acad1f8c9c939690529c931c780eb6b13e0a0ac4dce90c2b6a325334b3dbf2b7273564379c8eb5d4a9a2ad20f0e55
- SSDEEP
  
  768:zEtDBZdaNLXc0oZKNuPYlmwK3xKeL7BykIM:zEtDBZdqLcNgcYYTbBykr
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy