snakekeylogger | 2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8 | Triage

Submit
Reports

Overview

overview

Static

static

3

2530ca4285...d8.exe

windows10-ltsc 2021-x64

Resubmissions

07-02-2025 10:23

250207-mes96syqcn 10

06-02-2025 21:29

250206-1b9pmsxmh1 10

Sharing

General

Target

2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8
Size

826KB
Sample

250207-mes96syqcn
MD5

b3b46efad9dac8cd52ffc04fd149f805
SHA1

421f5c82cce3af81ebe1381817c03a5554837a6f
SHA256

2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8
SHA512

7626f6f5eaca0491c156046f80c92e69d303ef6a2a9460bd3e37158e491556dc88698e52b26696f5d7e33cff722f23be938a195e2f868b26a79cc03a8cc6ff36
SSDEEP

12288:ULkUMXe5y/t1u9OF8IKLMwAL/6HEuwPtqGMyRQCbZ1uhPH7bUk6x:ULm8IKLMx72E9qbCbZ1U7bU3x

Score

10^/10

snakekeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8.exe

Resource

win10ltsc2021-20250128-en

snakekeylogger collection discovery keylogger stealer

windows10-ltsc 2021-x64

18 signatures

30 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7817497413:AAH6fX2oZGM3XzbbIU69SVEGO80t6mDhjdU/sendMessage?chat_id=1695799026

Targets

- Target
  
  2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8
- Size
  
  826KB
- MD5
  
  b3b46efad9dac8cd52ffc04fd149f805
- SHA1
  
  421f5c82cce3af81ebe1381817c03a5554837a6f
- SHA256
  
  2530ca42857b5d025729fb7736ab224b407ffdbe7039a6c962f1f6e3b706b3d8
- SHA512
  
  7626f6f5eaca0491c156046f80c92e69d303ef6a2a9460bd3e37158e491556dc88698e52b26696f5d7e33cff722f23be938a195e2f868b26a79cc03a8cc6ff36
- SSDEEP
  
  12288:ULkUMXe5y/t1u9OF8IKLMwAL/6HEuwPtqGMyRQCbZ1uhPH7bUk6x:ULm8IKLMx72E9qbCbZ1U7bU3x
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy