snakekeylogger | 9dbb9b3ea7917ebf01ac6a4add75c22a3bc4d584c7442f8a80eba70209a55f6e | Triage

Submit
Reports

Overview

overview

Static

static

3

TRuixDN7WvwGzoL.exe

windows7-x64

TRuixDN7WvwGzoL.exe

windows10-2004-x64

Sharing

General

Target

9dbb9b3ea7917ebf01ac6a4add75c22a3bc4d584c7442f8a80eba70209a55f6e
Size

565KB
Sample

250212-lx32nawpgn
MD5

738e39f1b63256a8ee6a54b1dca8ce09
SHA1

9364e511f70fd27c61ea53fc4cbab894e6810b2a
SHA256

9dbb9b3ea7917ebf01ac6a4add75c22a3bc4d584c7442f8a80eba70209a55f6e
SHA512

110d7754d388b4f1c2f6d7ee0cc374196886981285297504b5dfd242d887760925071a212a051a4b675fba42691beb51bd755f796086d32c2c8c03149cce0ea6
SSDEEP

12288:PDRaF6Ok3idqa+jPROKXbNFH0eH20qd4Xe6xTr2iLcwip6K:7EmV5zUeHOd45VrZoJ

Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TRuixDN7WvwGzoL.exe

Resource

win7-20241010-en

snakekeylogger collection discovery keylogger spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

TRuixDN7WvwGzoL.exe

Resource

win10v2004-20250211-en

snakekeylogger collection discovery keylogger spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.aktagor-prom.by
Port:
587
Username:
[email protected]
Password:
RC84pv9H2*F

Targets

- Target
  
  TRuixDN7WvwGzoL.exe
- Size
  
  683KB
- MD5
  
  ddbffde648b80173c4fe7ecc6e5e35f7
- SHA1
  
  cc52574c80b3b0093eb148469c7593462cfec603
- SHA256
  
  ad4f38d7194dbb0a43330d105f06b4e496e31138de679eaa9a88c59735e42996
- SHA512
  
  e2e6ef785007fe193cd4399f3611b1b5dea2beecbce184f2d5e7369b66f9819a1046107bd2f805791d1ff0e22d71dcfbc0931d0a444c941f72c651ff00503fbf
- SSDEEP
  
  12288:36+CxzK8kRi9qM6JPRMKr+niCNFHuO7A0uvYCyjlCWZHo4/7xefpg:36+4Ivrr+xOO7cvYCyBCWZNtehg
Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Downloads MZ/PE file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

behavioral2

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

© 2018-2025

Terms | Privacy