snakekeylogger | ba3087cf0ca847cb8b06d7511425d903cd97de1b88cf6fbe32fae406a3f9f78b | Triage

Submit
Reports

Overview

overview

Static

static

3

Sigmanly_1...ba.exe

windows10-2004-x64

Sharing

General

Target

Sigmanly_12e1be7e89caa22df82c876fe2dd90ba
Size

12KB
Sample

250413-rxzxwsxyez
MD5

12e1be7e89caa22df82c876fe2dd90ba
SHA1

3b129bdd35aa241475f123aa72d374f3ccdd2009
SHA256

ba3087cf0ca847cb8b06d7511425d903cd97de1b88cf6fbe32fae406a3f9f78b
SHA512

be89fb6258ad9f9d0275566e8fcc0102d1e328cbafe8f452a42ebd413c7902ea1b11c97b1f9a366d3335e0c9ce1878d546f4fe7d20c58e9a6f877a6b079d26e6
SSDEEP

384:w0du5F6ggVCHVRHaPSqsDhVLEJ89M5niUtl:385kSVRHcSXDhVLEJ1iA

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Sigmanly_12e1be7e89caa22df82c876fe2dd90ba.exe

Resource

win10v2004-20250410-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7016021549:AAFFED6mrzzYMktPd78AMWdi_nAN7SC1JJY/sendMessage?chat_id=1018401531

Targets

- Target
  
  Sigmanly_12e1be7e89caa22df82c876fe2dd90ba
- Size
  
  12KB
- MD5
  
  12e1be7e89caa22df82c876fe2dd90ba
- SHA1
  
  3b129bdd35aa241475f123aa72d374f3ccdd2009
- SHA256
  
  ba3087cf0ca847cb8b06d7511425d903cd97de1b88cf6fbe32fae406a3f9f78b
- SHA512
  
  be89fb6258ad9f9d0275566e8fcc0102d1e328cbafe8f452a42ebd413c7902ea1b11c97b1f9a366d3335e0c9ce1878d546f4fe7d20c58e9a6f877a6b079d26e6
- SSDEEP
  
  384:w0du5F6ggVCHVRHaPSqsDhVLEJ89M5niUtl:385kSVRHcSXDhVLEJ1iA
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

© 2018-2025

Terms | Privacy