snakekeylogger | 8a8b4171c1e87e7e8ed5c39d2334c31a307f50137f1e36f938d5dd312315fe58 | Triage

Submit
Reports

Overview

overview

Static

static

3

ORA_186635... .scr

windows7-x64

1

ORA_186635... .scr

windows10-2004-x64

Sharing

General

Target

13022025_1447_ORA_1866355_2025_1_152_13022025_pdf .scr.iso
Size

74KB
Sample

250213-r5vcdayqfp
MD5

c384ec6032929a5db046f44ad36500e1
SHA1

6a62cb2685e8dfa16b541a92d55f9bd697357439
SHA256

8a8b4171c1e87e7e8ed5c39d2334c31a307f50137f1e36f938d5dd312315fe58
SHA512

1b029090496888ce86f0e2c13247f85743e7f74c14e1053bee1ffe59626335ee361be9dcfac106bacf53d11bb86a78a075de985488ea2b58a37a0f73a5a36f86
SSDEEP

384:9/2o7JgiNM/CgnWwiu0/NL3xNohVNw6gOWw:9+krN8CgWDu01L3x+1g6

Score

10^/10

snakekeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ORA_1866355_2025_1_152_13022025_pdf .scr

Resource

win7-20240903-en

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

ORA_1866355_2025_1_152_13022025_pdf .scr

Resource

win10v2004-20250211-en

snakekeylogger collection discovery keylogger stealer

windows10-2004-x64

15 signatures

300 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8047465340:AAEYBKf2KrTPjEgMUpKrbn6X7nnahMxVrmg/sendMessage?chat_id=1018401531

Targets

- Target
  
  ORA_1866355_2025_1_152_13022025_pdf .scr
- Size
  
  14KB
- MD5
  
  c2f2a08848723d28d37e786a98987dc6
- SHA1
  
  c5ffb81d026e0d8f8e7bea678e0061b9e64b3ca7
- SHA256
  
  1c946143e1e49f399e1f78fe0c837f1970594b410d4285282b9afe2135f16d61
- SHA512
  
  b8884686e10db6761341c76ac98e8cef95d7ad28b9407e5a5c44b199709cd5e9af20e2ad068e99d6f79f6694fe6d7183a68a5108c60f3657f684d0ea64534bf9
- SSDEEP
  
  384:t7JgiNM/CgnWwiu0/NL3xNohVNw6gOWw:RrN8CgWDu01L3x+1g6
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy