Second consecutive day for SnakeKeylogger via Garanti BBVA. The email changes the text and the compressed attachment. Inside, however, there is an exe with the same malware and the stolen data is exfiltrated via Telegram Api to the same C2

Second consecutive day for the SnakeKeylogger campaign via Garanti BBVA, which changes the text of the email and attachment.

This becomes a z-compressed file, with an exe inside: the malware. The stolen files are then exfiltrated via Telegram API, through the same C2 as yesterday’s message.

SnakeKeylogger is an infostealer that can acquire information via various methods.