SnakeKeylogger – A Multistage Info Stealer Malware Campaign
April 24, 2025, 3:11 p.m.
Description
This analysis examines a multistage malware campaign that delivers SnakeKeylogger, a credential-stealing threat. The attack begins with malicious spam emails carrying disguised attachments. The infection chain runs through several stages, including encrypted payload delivery, process hollowing, and stealthy execution. SnakeKeylogger harvests sensitive data from a range of applications, including web browsers, email clients, and FTP software, and specifically targets Microsoft Outlook profiles and Wi-Fi credentials. To evade detection it relies on obfuscation and memory injection. The campaign shows a structured operation with regular payload updates and abuse of legitimate servers for distribution. The threat poses a significant risk of data theft and, given the stolen email credentials, potential business email compromise.
Date
- Created: April 24, 2025, 1:40 p.m.
- Published: April 24, 2025, 1:40 p.m.
- Modified: April 24, 2025, 3:11 p.m.
Indicators (four 64-hex-character values, i.e. SHA-256 file hashes, followed by one IPv4 address)
- c53c4d8cb1cd8bd68a59b6d6f4f105e918c5c0d025a600b90173c525115dc01c
- b106f5b826b7d98a5b24487bc596827451b91fbb874d8feda6cfe7adda4331ac
- 672608a8f2706346f26475718b1aedaf25225994d977139d4e9566f11da0b992
- 7a5a195be41d691882da0610b142ab0f82b6cccfa5b66db38b5a2416f5e4b62d
- 103.72.56.30