snakekeylogger | 4f1ba7440d20500ac5a379c9eca60991ae571b460fc01f1146c75b5e2a005d30 | Triage

Submit
Reports

Overview

overview

Static

static

3

Week3.exe

windows7-x64

Week3.exe

windows10-2004-x64

Sharing

General

Target

250203-vzamkaxne1_pw_infected.zip
Size

509KB
Sample

250203-v93q4azlfp
MD5

422976fd241ed0968b67d52c3e899254
SHA1

80e12f8a6a95b7110fd588d833443efe207b2587
SHA256

4f1ba7440d20500ac5a379c9eca60991ae571b460fc01f1146c75b5e2a005d30
SHA512

c25a2b7b1a5a4d27d38a2cd6ce29c92a609f29c976e6e74b66bf16470bc4ebb2cad2dc19726c330c6cf1f36056a72b9d5b71f6da60461bee644a63557fe11c1a
SSDEEP

12288:hSwl1CObPsSMMswnSZGyB+UKPJefRCgOz4uxeTty1Fqit+s7:hSE1oSMynZGoH4AeI1Ws7

Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Week3.exe

Resource

win7-20240903-en

snakekeylogger collection credential_access discovery keylogger stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Week3.exe

Resource

win10v2004-20250129-en

snakekeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.stilltech.ro
Port:
587
Username:
[email protected]
Password:
eurobit555ro
Email To:
[email protected]

Targets

- Target
  
  Week3.exe
- Size
  
  812KB
- MD5
  
  5302477a2c210083be8d25280a1d27cf
- SHA1
  
  7d9cfcfe09c52303e9ab741353c06e014364cdd6
- SHA256
  
  c40b21462fa3c5ebbed41befc33078f7453e4ed5e2594a815103c1efe70d6327
- SHA512
  
  85be08716fbe5b9503dd1ce6ab42796c14ddc3bf60b4f5e71f68e66cdc72bbd47e32181ceb029f9cc0e3d8cee77ab4b29ed3305546fde326f4a3763ada223046
- SSDEEP
  
  12288:zWmfDfxt7J0iJKfJDbV5wPw2a7iLv1/L5le289QgM:v2RfJW1Ciblvng
Score

10^/10

snakekeylogger collection credential_access discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy