snakekeylogger | 15d126878e7c07d9781f95c92add5c8927292f04bdc19cc1e54e75c78ad6ddda

General

Target

27032025_1624_27032025_Inspection sample.r00
Size

524KB
Sample

250327-twr7rsxjx4
MD5

035b00700c7c2463f2bb4bd8d01b19f7
SHA1

32973f3cbf8759fdf8d704ddf126da9e88f4e932
SHA256

15d126878e7c07d9781f95c92add5c8927292f04bdc19cc1e54e75c78ad6ddda
SHA512

115298722cee211944199924978fce4b4a7f2e7696daa935e8db4180ae080cd3635f018039294f22562b4f1657e51aaacb88800dd15bb61ba149bdd538981303
SSDEEP

6144:ranIJeIYMFu52V2B3r7ArcYKZAH0ybtA1kBjSuAGGHTXTnu30MKeoMFjUtk3/UPp:i7IuB3rsHHskBFAW0MKeoM+tkv+PS34z

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7771414253:AAEI6ViUbLcxoGeVLOmbEoP7NXWSkDDW9Fo/sendMessage?chat_id=1695799026

Targets

- Target
  
  Inspection sample.exe
- Size
  
  641KB
- MD5
  
  a672b8f0cd4cc6aebfdb889074e39822
- SHA1
  
  3a167c22503866b00270de06448ae2eb60a4a857
- SHA256
  
  08a20e7023a3e5c544e0d48c67d6a50cf22aedc680b85237fa91b9fa315275cd
- SHA512
  
  3cf5e2268917ef65964e3303a37ed296f2fc20ed897fb947e9717690a7b6dd3361b2069691f8252b320b21ef56c64149971313f93f858662a4577fa4ef874039
- SSDEEP
  
  12288:zAd9fTeWCB3SGK64Cpd8SIEu+ysWLyA+gW:Md9fXNrOP8yuwWLyA
Score

10^/10

snakekeylogger collection discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2