snakekeylogger | cda000bd8078f0daa890e5c0bebe2f6b582087a8db02aaf3a2a666e6d30fddb9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Swift-MT103.exe

windows7-x64

Swift-MT103.exe

windows10-2004-x64

9

Sharing

General

Target

cda000bd8078f0daa890e5c0bebe2f6b582087a8db02aaf3a2a666e6d30fddb9.iso
Size

1.4MB
Sample

250319-kak2wsyjv5
MD5

60bbdd1e3f67da4e79b17ffb9b3e58e3
SHA1

09bdd1c0ccb437499916317b6763c5daa0c77d2e
SHA256

cda000bd8078f0daa890e5c0bebe2f6b582087a8db02aaf3a2a666e6d30fddb9
SHA512

74ac23ea90d93856e0d623ce8edbb9f67efa51400dbcfe8a97b17085d89b57b2cd8e2ac3463fea5ead5e654122fc2a39d6773a21db9b451a505b7e75b49273ae
SSDEEP

12288:chI6e7BDwgIXW3sKHYngQFnfeYZpOdwQXGk5RGVgCREyMqdwHHKz3aJIs81M:8isWD9Knf5ZpBQXr5CREqdcqz3

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Swift-MT103.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Swift-MT103.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.cricketthailand.org
Port:
587
Username:
[email protected]
Password:
]oijoK{Pyu+Y

Targets

- Target
  
  Swift-MT103.exe
- Size
  
  895KB
- MD5
  
  9abe32e95a552ca0fbb0d69377233b0a
- SHA1
  
  e6ef0719295f5d8ce15162cdbf497d8b646de578
- SHA256
  
  925f4c287a17723f878298745ef9bda747ec11140346e2eb4a57121702101a79
- SHA512
  
  97201ae2f06f5f1836e530bdba77cb4b55b1e13f04fc469a6ea1409bf58195322c5bf5322abf9933843c36f8c359bf04eb50da8d7d44213cd61698e7cc3af9e5
- SSDEEP
  
  12288:mhI6e7BDwgIXW3sKHYngQFnfeYZpOdwQXGk5RGVgCREyMqdwHHKz3aJIs81M:misWD9Knf5ZpBQXr5CREqdcqz3
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snakekeylogger family
  snakekeylogger
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

© 2018-2025

Terms | Privacy