snakekeylogger | a2ed54b7599915b79022ef37a72c20c7c5c2673b66bb0b08e4f435dd961332e4 | Triage

Submit
Reports

Overview

overview

Static

static

3

ZAMDOST_23... .exe

windows7-x64

1

ZAMDOST_23... .exe

windows10-2004-x64

Sharing

General

Target

a2ed54b7599915b79022ef37a72c20c7c5c2673b66bb0b08e4f435dd961332e4.img
Size

70KB
Sample

250206-hvs7wswret
MD5

207c5be1f74131b513254f22fb8166bc
SHA1

725fd2d9110dd79bff07af5c97bce3903730d58f
SHA256

a2ed54b7599915b79022ef37a72c20c7c5c2673b66bb0b08e4f435dd961332e4
SHA512

232b9662c2a512a4695c0a4003a563615f752d38a466463286a4b19fd4caca49a7109624eb621b1c00c5c09f44030d1c360c36684d96c7d3c9ef4f5d63be278c
SSDEEP

192:NUpY3hlefElkfSJE5Ot7jLPXrruapz7as7wl5NK2:NLEoJNLP7t7al8

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ZAMDOST_230-ZT-2025_Oryginał_4_pdf .exe

Resource

win7-20241010-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

ZAMDOST_230-ZT-2025_Oryginał_4_pdf .exe

Resource

win10v2004-20241007-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7719158406:AAGxGMuZ_5NEFP89HZrIghiOEjJFOaEE7ds/sendMessage?chat_id=1018401531

Targets

- Target
  
  ZAMDOST_230-ZT-2025_Oryginał_4_pdf .exe
- Size
  
  10KB
- MD5
  
  0dcd8fec15008f65cf8e9bb63d1b9e8f
- SHA1
  
  0971537d92bea47b1a362c043b86e72c0e409ddc
- SHA256
  
  2aaec088fcb6aad10489c469a1808dade264b9b19f0654fc82a37ec9af36b266
- SHA512
  
  8bac17357f5a2b0273d226ae3e193ab1473bc078b04b3a62077c61908827509aefbeea89bff7672cce9094ac17725335bb5f3f9b9bdb0f399530956bb0fb4271
- SSDEEP
  
  96:wdSSh0JE5Ooo7SSLLLXtyUruatvzrUUR1I7HMkExzF7MjJ5NX6MzNt:wSJE5Ot7jLPXrruapz7as7wl5NK2
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy