SnakeKeylogger

The r00 attachment of the “SOA REMITTANCE Final DA / MV NPR -IMO: 9268083” email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.

Cybercrime, SnakeKeylogger uses Siemens Energy as bait

The “Action Required - SIEMENS Energy -PO- 216238068” email has 2 identical rar attachments, with…

Cybercrime, SnakeKeylogger uses Siemens Energy as bait

The “Action Required - SIEMENS Energy -PO- 216238068” email has 2 identical rar attachments, with inside an exe: the malware. Stolen data is exfiltrated via Telegram API.

Cybercrime, SnakeKeylogger passes by invoices in Turkey

The “854F1E97-5DBB-4A87-A566-33D9012B05E2pdf.lzh” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. Stolen…

Cybercrime, SnakeKeylogger passes by invoices in Turkey

The “854F1E97-5DBB-4A87-A566-33D9012B05E2pdf.lzh” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.

Cybercrime, new SnakeKeylogger campaign from Turkey

The “854F1E97-5DBB-4A87-A566-33D9012B05E2” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. Stolen…

Cybercrime, new SnakeKeylogger campaign from Turkey

The “854F1E97-5DBB-4A87-A566-33D9012B05E2” attachment of the “MEPAS E-Arsiv Fatura” email contains an exe: the malware. Stolen data is exfiltrated via Telegram API.

Cybercrime, the “Re: RFQ” email baits for SnakeKeylogger

The “RFQ-000267RET9084.img” attachment contains the “RFQ_002.exe” exe file: the malware. Stolen data is exfiltrated via…

Cybercrime, the “Re: RFQ” email baits for SnakeKeylogger

The “RFQ-000267RET9084.img” attachment contains the “RFQ_002.exe” exe file: the malware. Stolen data is exfiltrated via Telegram API.

Cybercrime, double SnakeKeylogger campaign via couriers

The 2 rar attachments of the message contain the same exe file: the malware. The…

Cybercrime, double SnakeKeylogger campaign via couriers

The 2 rar attachments of the message contain the same exe file: the malware. The stolen data is exfiltrated via smtp to an email address and via the Telegram API.

Cybercrime, failed HSBC-themed malware campaign

The email contains a gz attachment with a password-protected rar inside, but it is not…

Cybercrime, failed HSBC-themed malware campaign

The email contains a gz attachment with a password-protected rar inside, but it is not provided in the text.

Cybercrime, false urgent request for products from Malta carries SnakeKeylogger

The r00 attachment contains an exe file: the malware. The stolen files are then exfiltrated…

Cybercrime, false urgent request for products from Malta carries SnakeKeylogger

The r00 attachment contains an exe file: the malware. The stolen files are then exfiltrated via Telegram API.

Cybercrime, second consecutive day for SnakeKeylogger via Garanti BBVA

The email changes the text and the compressed attachment. Inside, however, there is an exe…

Cybercrime, second consecutive day for SnakeKeylogger via Garanti BBVA

The email changes the text and the compressed attachment. Inside, however, there is an exe with the same malware and the stolen data is exfiltrated via Telegram Api to the same C2.

Cybercrime, Snakekeylogger hides in a SWIFT transfer

The tar attachment of a fake email from Garanti BBVA contains an exe: the malware.…

Cybercrime, Snakekeylogger hides in a SWIFT transfer

The tar attachment of a fake email from Garanti BBVA contains an exe: the malware. Stolen data is exfiltrated via Telegram API.