snakekeylogger | 9d1882f5242558c7bbefd30680fbfb438b9fde18f36aea501dfa28b87a8b9b5d | Triage

Submit
Reports

Overview

overview

Static

static

3

quotation.exe

windows7-x64

quotation.exe

windows10-2004-x64

Sharing

General

Target

9d1882f5242558c7bbefd30680fbfb438b9fde18f36aea501dfa28b87a8b9b5d
Size

536KB
Sample

250210-nc5e4aznd1
MD5

887ae3c06b2678df5f0144648a02a8ea
SHA1

8d55dfddd32530c4d7e10ed955dc6f396c1df90e
SHA256

9d1882f5242558c7bbefd30680fbfb438b9fde18f36aea501dfa28b87a8b9b5d
SHA512

d8d25274b622c44ed6284d436a62a0d324130c384cacaa4e853d6cbb59fb09f0429b100d150521042f35643f139ef79dd8aafa54fcb3cfa2839625ba0b2af6fe
SSDEEP

12288:x+5AS96jpYlsyTs5VHHIAoOurbi5lU3r1zNYzuK8CDeDoNoiVXmDNYOysSbRn62F:KWpeES9ClU3hxYqlCDVJXAv4B6O

Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

quotation.exe

Resource

win7-20240903-en

snakekeylogger collection discovery keylogger spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

quotation.exe

Resource

win10v2004-20250207-en

snakekeylogger collection discovery keylogger spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.aktagor-prom.by
Port:
587
Username:
[email protected]
Password:
RC84pv9H2*F

Targets

- Target
  
  quotation.exe
- Size
  
  606KB
- MD5
  
  cd881e9549ec047df79acaab3b5bbccc
- SHA1
  
  0cfd8126193cb0f0412dfcc149fb4b68954bcb72
- SHA256
  
  686e82d7cf5c45825e06e8c23f84efb75bccb73a705d8ab13bd929ef61f27532
- SHA512
  
  95a736fa5ff6b1ee8b0d2ee2f70cb29308c9a863cdba90a931092c0f165b697e724a8d6047e305e5b23b13ad0cf77bc7dce8d90c0d48222b312cd1da5a3531b2
- SSDEEP
  
  12288:jAbZWUBjWeri14ATkexAzuK82N1tYqPbiVXmYZ1U:sbYU80FeKql0ZaXd
Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Downloads MZ/PE file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

behavioral2

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

© 2018-2025

Terms | Privacy