Cybercrime, SnakeKeylogger campaign via “RE:conferma d’ordine XX”

Malware Hunter JAMESWT Technical Analysis

SnakeKeylogger campaign via “RE:conferma d’ordine XX”. The UUE attachment contains an EXE: a loader that downloads the malware and runs it, infecting the machine. Stolen data is exfiltrated via SMTP and the Telegram API.

“RE:conferma d’ordine XX” is the subject line of an email that hides SnakeKeylogger inside.

The UUE attachment contains an EXE file that acts as a loader: it downloads the malware from a URL, then decodes and executes it, infecting the machine. The stolen data is exfiltrated via SMTP and the Telegram API.

SnakeKeylogger is an info stealer capable of acquiring information through various methods.
