SnakeKeylogger – A Multistage Info Stealer Malware Campaign
Essential information
- Published
- 24/04/2025 13:40
- Modified
- 24/04/2025 15:11
- Tags
- 2025-04-24 info-stealer obfuscation process-hollowing snakekeylogger
- Related entities
- 5 observables, 1 intrusion sets (apt), 17 techniques (mitre), 1 malware
Description
This analysis explores a sophisticated malware campaign utilizing SnakeKeylogger, a credential-stealing threat. The attack begins with malicious spam emails containing disguised attachments. The infection chain involves multiple stages, including encrypted payload delivery, process hollowing, and stealthy execution. SnakeKeylogger targets various applications to harvest sensitive data, including web browsers, email clients, and FTP software. The malware employs advanced evasion techniques such as obfuscation and memory injection. It specifically targets Microsoft Outlook profiles and Wi-Fi credentials. The campaign demonstrates a structured approach with regular payload updates and abuse of legitimate servers for distribution. This threat poses significant risks for data theft and potential business email compromise.