snakekeylogger | 2633061ccd972f7678cf8fab95d35da2bcfc4219d2fd89337396370c84948a0a | Triage

Submit
Reports

Overview

overview

Static

static

3

Narudžben... .scr

windows10-2004-x64

Sharing

General

Target

11042025_0921_Narudžbenica 130666 Impol Tlm_pdf .scr.iso
Size

74KB
Sample

250411-lbl61svvfv
MD5

8dda804994307fe1fe3dd1a9c38b0c16
SHA1

96b9449a1f3e1540519b883ae11477738c763d00
SHA256

2633061ccd972f7678cf8fab95d35da2bcfc4219d2fd89337396370c84948a0a
SHA512

9ee04ca6e3f8f2ecbd6d9d21e3513105d063b0c72c69ee2d490d4f822a8ac8bdf797f5d5126306b146b41a69b40aa50cc5078b42e730363ca18aa28adad100e3
SSDEEP

384:t50GG7X+ZBkUfh6g3CnMb4RHaPSqsDhVLEJ89M5niUug:t50GG76kUYG4RHcSXDhVLEJ1i2

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Narudžbenica 130666 Impol Tlm_pdf .scr

Resource

win10v2004-20250410-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7016021549:AAFFED6mrzzYMktPd78AMWdi_nAN7SC1JJY/sendMessage?chat_id=1018401531

Targets

- Target
  
  Narudžbenica 130666 Impol Tlm_pdf .scr
- Size
  
  12KB
- MD5
  
  8b858788092ce0a0a4c774712bf99089
- SHA1
  
  d0363773fdbfa6718325af55dac0a91f0ff01a0d
- SHA256
  
  511c7c20def507f2498d9bb941173990602dcbe9b45399d424c232fca3aa318e
- SHA512
  
  693876604cfaf457ee3e81a507b35e8a7dbab469754140b17a2a2b68b28c5e71dc02ef3b17044d4e5a17bc2eea922c8201133ced0afc9abaa235640275d8169d
- SSDEEP
  
  384:9X+ZBkUfh6g3CnMb4RHaPSqsDhVLEJ89M5niUug:96kUYG4RHcSXDhVLEJ1i2
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy