snakekeylogger | df0d61eb19b8a191a145972c6398fbd388b52b00acf9dd24dd07627a02f5036c | Triage

Submit
Reports

Overview

overview

Static

static

3

Updated Pr...st.exe

windows7-x64

Updated Pr...st.exe

windows10-2004-x64

Sharing

General

Target

df0d61eb19b8a191a145972c6398fbd388b52b00acf9dd24dd07627a02f5036c
Size

524KB
Sample

250219-mcb8wayqgp
MD5

b97915ac30ad6bcc563eea808ed56596
SHA1

36a2bddc4a109a601ad726f1d75bd1bc867b166e
SHA256

df0d61eb19b8a191a145972c6398fbd388b52b00acf9dd24dd07627a02f5036c
SHA512

cec1d41f49ad4472ea15d65ca7dc76800c35544300aae1aa153c2f9962ed378806394e7bf4e8adf3c0e4bd8cc21f95e2ba73d4b2aea13bc54698c9b733a1409c
SSDEEP

12288:BA4F1zc5m+ecdDDSvqcfrN0+Y6rKbuGwSus7Xhj7weV4ww:p3zYmLMDZMrqvbu5oZ7b+n

Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Updated Price List.exe

Resource

win7-20240903-en

snakekeylogger collection discovery keylogger spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Updated Price List.exe

Resource

win10v2004-20250217-en

snakekeylogger collection discovery keylogger spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s/sendMessage?chat_id=7207594974

Targets

- Target
  
  Updated Price List.exe
- Size
  
  909KB
- MD5
  
  48303a0f6cf86a64328acc545192bff0
- SHA1
  
  2c9973e30e9697c5c8b6a91ecb3fbc8b05c3b455
- SHA256
  
  dcb42b8ad4e7cc40fe12cfef0f5b97fba6073716a6315784ed6dd8847a51e86d
- SHA512
  
  f54afc180d0d1bf6ce4ddaa8ea04a1c2281390a8bc102b2b5e52d6bed2083932af1e0862a7d498695cde64a939d5704d2e48766c4b72fab76c8321cd8ac36891
- SSDEEP
  
  12288:m3ks0DMw9q5M3FYOc+s7LbcwH8YiSFDw5:m3ksxw9rYO6Pcwcaw
Score

10^/10

snakekeylogger collection discovery keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

behavioral2

snakekeyloggercollectiondiscoverykeyloggerspywarestealer

© 2018-2025

Terms | Privacy