snakekeylogger | de2b16c406a932ab788f74900bdad5b00f926126d98437f151e740905ec2bece | Triage

Submit
Reports

Overview

overview

Static

static

1

NewOrder.bat

windows7-x64

6

NewOrder.bat

windows10-2004-x64

Sharing

General

Target

NewOrder.bat
Size

222KB
Sample

250326-vrexbay1aw
MD5

e5283abf739e36fd9e77c617b0028567
SHA1

0e55afb7134c54baf775a3f8dbfcd7936361ce1a
SHA256

de2b16c406a932ab788f74900bdad5b00f926126d98437f151e740905ec2bece
SHA512

813847b4f269997371ef2655ee4aa6cd863b5575d9a05c50a3f1d4f86e9c077a01fa2789de8b3c1acb99866be5185768068743f341bb64f0ad25b6281a68f883
SSDEEP

3072:0AeVwHyo+aD5NE7ZLgUzN4b9H2mncpe1jg7RmtQ/n0HfZ2Z1wJ6GghPs:W3aD5NEiUx4Tncpe5HfQwJSS

Score

10^/10

snakekeylogger collection discovery execution keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

NewOrder.bat

Resource

win7-20240903-en

discovery execution

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

NewOrder.bat

Resource

win10v2004-20250314-en

snakekeylogger collection discovery execution keylogger stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
50.31.176.103
Port:
21
Username:
somac@gdmaduanas.com
Password:
HW=f09RQ-BL1

Extracted

Family

snakekeylogger

Credentials

Protocol: ftp
Host:
ftp://50.31.176.103/
Port:
21
Username:
somac@gdmaduanas.com
Password:
HW=f09RQ-BL1

Targets

- Target
  
  NewOrder.bat
- Size
  
  222KB
- MD5
  
  e5283abf739e36fd9e77c617b0028567
- SHA1
  
  0e55afb7134c54baf775a3f8dbfcd7936361ce1a
- SHA256
  
  de2b16c406a932ab788f74900bdad5b00f926126d98437f151e740905ec2bece
- SHA512
  
  813847b4f269997371ef2655ee4aa6cd863b5575d9a05c50a3f1d4f86e9c077a01fa2789de8b3c1acb99866be5185768068743f341bb64f0ad25b6281a68f883
- SSDEEP
  
  3072:0AeVwHyo+aD5NE7ZLgUzN4b9H2mncpe1jg7RmtQ/n0HfZ2Z1wJ6GghPs:W3aD5NEiUx4Tncpe5HfQwJSS
Score

10^/10

discovery execution snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Blocklisted process makes network request
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

snakekeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.