snakekeylogger | 511c7c20def507f2498d9bb941173990602dcbe9b45399d424c232fca3aa318e | Triage

Submit
Reports

Overview

overview

Static

static

3

Narudbenic...df.scr

windows10-2004-x64

Sharing

General

Target

Narudbenica130666ImpolTlm_pdf.scr
Size

12KB
Sample

250411-h51dyssqx8
MD5

8b858788092ce0a0a4c774712bf99089
SHA1

d0363773fdbfa6718325af55dac0a91f0ff01a0d
SHA256

511c7c20def507f2498d9bb941173990602dcbe9b45399d424c232fca3aa318e
SHA512

693876604cfaf457ee3e81a507b35e8a7dbab469754140b17a2a2b68b28c5e71dc02ef3b17044d4e5a17bc2eea922c8201133ced0afc9abaa235640275d8169d
SSDEEP

384:9X+ZBkUfh6g3CnMb4RHaPSqsDhVLEJ89M5niUug:96kUYG4RHcSXDhVLEJ1i2

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Narudbenica130666ImpolTlm_pdf.scr

Resource

win10v2004-20250314-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7016021549:AAFFED6mrzzYMktPd78AMWdi_nAN7SC1JJY/sendMessage?chat_id=1018401531

Targets

- Target
  
  Narudbenica130666ImpolTlm_pdf.scr
- Size
  
  12KB
- MD5
  
  8b858788092ce0a0a4c774712bf99089
- SHA1
  
  d0363773fdbfa6718325af55dac0a91f0ff01a0d
- SHA256
  
  511c7c20def507f2498d9bb941173990602dcbe9b45399d424c232fca3aa318e
- SHA512
  
  693876604cfaf457ee3e81a507b35e8a7dbab469754140b17a2a2b68b28c5e71dc02ef3b17044d4e5a17bc2eea922c8201133ced0afc9abaa235640275d8169d
- SSDEEP
  
  384:9X+ZBkUfh6g3CnMb4RHaPSqsDhVLEJ89M5niUug:96kUYG4RHcSXDhVLEJ1i2
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy