216.73.217.80

SnakeKeylogger – A Multistage Info Stealer Malware Campaign

· Published 24/04/2025 13:40 · Modified 24/04/2025 15:11

Export JSON

Essential information

Published
24/04/2025 13:40
Modified
24/04/2025 15:11
Tags
2025-04-24 info-stealer obfuscation process-hollowing snakekeylogger
Related entities
5 observables, 1 intrusion sets (apt), 17 techniques (mitre), 1 malware

Description

This analysis explores a sophisticated malware campaign utilizing , a credential-stealing threat. The attack begins with malicious spam emails containing disguised attachments. The infection chain involves multiple stages, including encrypted payload delivery, process hollowing, and stealthy execution. targets various applications to harvest sensitive data, including web browsers, email clients, and FTP software. The malware employs advanced evasion techniques such as and memory injection. It specifically targets Microsoft Outlook profiles and Wi-Fi credentials. The campaign demonstrates a structured approach with regular payload updates and abuse of legitimate servers for distribution. This threat poses significant risks for data theft and potential business email compromise.

External references