snakekeylogger | 5b90e64b275d76dc50a6b9c85f5eb89f0f1d2686eb93f997aecf6b74d4f84710 | Triage

Submit
Reports

Overview

overview

Static

static

3

zz.exe

windows7-x64

zz.exe

windows10-2004-x64

Sharing

General

Target

zz.zip
Size

161KB
Sample

250210-fpk8zsskfz
MD5

8cb889389679a4fe04430e99def003fe
SHA1

a0e1cb36a61cd6574f08bccde3fd60d91b283f1a
SHA256

5b90e64b275d76dc50a6b9c85f5eb89f0f1d2686eb93f997aecf6b74d4f84710
SHA512

edf76d772c9a7973158dcc91f5a7c0f45c4c151774a751c174dee3e99a0e747d65103eca825ec6ac26ecdb5509b74b2139001f5c6144be8e4dc239f66ca01c3c
SSDEEP

3072:iUBpohKE0xLXlb/D+bodcCyLkrz07TrnAcSx2JZw31KxUasi1NO9U:iUBE2lbqLLUzUTrnJJY1KzFNOU

Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

zz.exe

Resource

win7-20240903-en

snakekeylogger collection discovery keylogger spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

zz.exe

Resource

win10v2004-20250207-en

snakekeylogger collection discovery keylogger spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8146065464:AAFmO8RMLpJgd1BLjqm9MO8V-EzP0a6-JD4/sendMessage?chat_id=6306771742

Targets

- Target
  
  zz.exe
- Size
  
  223KB
- MD5
  
  4553428c99b70e4ace08ecb833ee644f
- SHA1
  
  331c4abfccce4b65d5b4430e668942058959c5db
- SHA256
  
  d95ce0d32f940b2178e218b9af0aae7bdaf25f8660dc2112e4ca22e10b5f7451
- SHA512
  
  2f9b8c8db5005e8bdac84b865639a60e422a0c2ef5c5bf92774e5d339d226df6b758f5f3ebaf09e187673bd3a7fef8e576f471d1167001ac6a1a2d94951933ee
- SSDEEP
  
  6144:6DKW1Lgbdl0TBBvjc/qUTrV9JYR2p7Xbc:8h1Lk70TnvjcyAF5c
Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Downloads MZ/PE file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

behavioral2

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

© 2018-2025

Terms | Privacy