snakekeylogger | 28bdf2bdbb996f350fecb33257d155b4eb1655cab61cc9814095ad74acb62b15 | Triage

Submit
Reports

Overview

overview

Static

static

3

HBLSTSZN11...DF.scr

windows10-2004-x64

Sharing

General

Target

11042025_0921_HBLSTSZN11042025 MBL 149307924718_PDF.scr.iso
Size

74KB
Sample

250411-lbaszsvvdy
MD5

f5a8aed1bf8b46effb06f2c5eae6aa8c
SHA1

73a06c4df2b689d588b024c279a4f4e6725a916d
SHA256

28bdf2bdbb996f350fecb33257d155b4eb1655cab61cc9814095ad74acb62b15
SHA512

916f7e6d661590211bab4083a7c97ea021d08c0c2cc6469b93e3a7e74ffa934eda3262a1b4651f35844b5091713ccc659e4ddc93101d891f8dca3698e97b2051
SSDEEP

384:e/tzguJQ1CLj6qO6gU+CEe5RlKNY3DrvnmHFyOiV//f3ZXwSuRRImarx:el7KUj6w0ec+zrM6xXBmjE

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

HBLSTSZN11042025 MBL 149307924718_PDF.scr

Resource

win10v2004-20250410-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7659609349:AAG6oTDMp1usYizJgXxziN-qIg484dIWUa8/sendMessage?chat_id=6738204513

Targets

- Target
  
  HBLSTSZN11042025 MBL 149307924718_PDF.scr
- Size
  
  13KB
- MD5
  
  81ebacf0b5ffac8e6e37a22f64d2d029
- SHA1
  
  0ce565f7581ed2ac92628609f9e558ed8615fa6a
- SHA256
  
  9d27a8975f291367019591923354731db4ac8b79c283fd867c557aa49efcec47
- SHA512
  
  288cc4cb52e24f012ddfae237f1c1695828672ff1961549b8b52831a4d17c010d5977def18237a206ee0de391526684c23c8aac15e0904b24343d4559dca1a64
- SSDEEP
  
  384:rtzguJQ1CLj6qO6gU+CEe5RlKNY3DrvnmHFyOiV//f3ZXwSuRRImarx:p7KUj6w0ec+zrM6xXBmjE
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy