Snake Keylogger

Malware updated 7 months ago (2024-11-29T13:57:08.804Z)
Snake Keylogger, also known as "404 Keylogger" or "KrakenKeylogger," is a subscription-based keylogger malware with extensive capabilities. It is designed to covertly monitor and record every keystroke on a computer, including usernames and passwords, and to scan applications for saved credentials. This data is then exfiltrated using various protocols and delivered back to the hackers, who may use it directly or sell it on the dark web. Snake Keylogger was a persistent threat throughout 2021 and 2022, and its risk remained significant in 2023.

The deployment of Snake Keylogger often begins with a phishing email containing a malicious Excel document. The recipient is lured into opening the file under the guise of viewing details of a "balance payment." Once opened, the document exploits a known vulnerability to download an HTA file, which subsequently uses scripts in multiple languages, such as JavaScript, VBScript, and PowerShell, to download the Snake Keylogger's Loader module. The Snake Keylogger Deploy module then establishes persistence on the victim's computer and conducts process hollowing to run the core module in a newly created process. The core module steals sensitive information from the victim's computer and transmits the stolen data to the attacker using the SMTP protocol.

FortiGuard Antivirus service can detect the attached Excel document, the downloaded executable file, and the extracted Snake Keylogger with specific AV signatures. Despite similarities in capabilities with other malware families like Agent Tesla, Snake Keylogger remains one of the top malware threats identified by Cofense.
Description last updated: 2024-10-15T09:25:27.709Z
Aliases: We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Credentials
Associated Malware
Alias Description: The Agent Tesla Malware is associated with Snake Keylogger. Agent Tesla is a well-known malware that primarily targets systems through phishing attacks, exploiting an outdated Microsoft Office vulnerability (CVE-2017-11882). This malicious software is designed to infiltrate computer systems, often without the user's knowledge, and can steal personal informat
Association Type: Unspecified
Votes: 2