snakekeylogger | b106f5b826b7d98a5b24487bc596827451b91fbb874d8feda6cfe7adda4331ac | Triage

Submit
Reports

Overview

overview

Static

static

3

ZAMDOST_23... .exe

windows7-x64

1

ZAMDOST_23... .exe

windows10-2004-x64

Sharing

General

Target

b106f5b826b7d98a5b24487bc596827451b91fbb874d8feda6cfe7adda4331ac.img
Size

70KB
Sample

250206-hytb3ayrgr
MD5

851a5ffac3ee2da08557108239f90fab
SHA1

fc08f3810ffbcfb11a649700679818c16ea19a0c
SHA256

b106f5b826b7d98a5b24487bc596827451b91fbb874d8feda6cfe7adda4331ac
SHA512

2456df8c752d6f9c5317a4a0b7b6dbc7746d91c8138b5ac435e979486cf11a4aa21b9e50596fc9740569d5d50458e3238223ca343363bb66de3c36c2e59c3fef
SSDEEP

192:N/vI/5ZpP+SaZG1g6f0CX6I8VBoTruapz7as7wl5N+2:NXK5bWSaZFyL6I8VAt7alQ

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ZAMDOST_230-ZT-2025_Oryginał_4_pdf .exe

Resource

win7-20240708-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

ZAMDOST_230-ZT-2025_Oryginał_4_pdf .exe

Resource

win10v2004-20250129-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7719158406:AAGxGMuZ_5NEFP89HZrIghiOEjJFOaEE7ds/sendMessage?chat_id=1018401531

Targets

- Target
  
  ZAMDOST_230-ZT-2025_Oryginał_4_pdf .exe
- Size
  
  10KB
- MD5
  
  fd7634082a916c3bd8c94c8493fc83e2
- SHA1
  
  c60c2abf158cc15b775d147b3daeffe7ca620d66
- SHA256
  
  7a5a195be41d691882da0610b142ab0f82b6cccfa5b66db38b5a2416f5e4b62d
- SHA512
  
  dec560e299ed874f87271aba3c597b0ad09d7b2a7d30f2024ef16ae85f8bca3cfce631e207d23eaaf9bd22f61f916474e5e21710c2b275556a16a7549158d49d
- SSDEEP
  
  192:S+SaZG1g6f0CX6I8VBoTruapz7as7wl5N+2:pSaZFyL6I8VAt7alQ
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy