Snake Keylogger Steals victim Logins, Keystrokes, & Capture Screen

Mar 23, 2025
Emails are extremely common in today’s digital communication landscape, with billions sent daily for personal, professional, and promotional purposes.

While most emails are harmless, email is also the main delivery channel for phishing, malware and spam, so attachments and links from unknown senders should be handled with caution. The sample analysed here, Snake Keylogger, arrived exactly that way and steals:

  • Logins

  • Clipboard data

  • Keystrokes

  • Screen captures


Snake Keylogger

Snake Keylogger, also known as 404 Keylogger, is a .NET infostealer first observed in November 2020. It steals saved credentials, keystrokes and screenshots, collects system information such as the hostname and IP address, and exfiltrates the stolen data over FTP, SMTP or Telegram.

For this analysis the file “32b4f238-3516-b261-c3ae-0c570d22ee18.eml” was chosen and opened in Microsoft Outlook on Windows 11 to view the email.

Email contents

The email urges the recipient to download an attachment on behalf of a ‘client’ and poses as a customs clearing agency in Bolivia, complete with the BMW logo, to exploit familiarity: a standard social engineering tactic.

The email header shows the SPF, DKIM and DMARC results

The message, which purports to come from a brokering and insurance firm in Bolivia, is not what it claims to be. It relies on social engineering, pressing the recipient to download the attachment.

The attachment ‘pago 4094.r09’ (a RAR split-volume extension) contains ‘pago 4094.exe’, which uses the Yahoo! Buzz icon and carries version information referencing a 2011 QBuzz copyright.
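The two manual checks above, reading the SPF/DKIM/DMARC verdicts from the header and looking at what the attachment actually is, can be scripted so the same triage runs on every .eml before anyone opens it in Outlook. The following is an added example written for this page, not tooling from the original article: the message it builds is constructed to resemble the lure (a Spanish ‘pago’ subject, failing authentication results, a ‘.r09’ attachment whose bytes are a stub RAR header), and the sender domain, IP and filenames are invented.

```python
"""Triage an .eml: read Authentication-Results and flag risky attachments.
The sample message is constructed for this example; it is not the real
32b4f238-... .eml from the article."""
import re
from email import policy
from email.message import EmailMessage
from email.parser import Parser

# Extensions that should not arrive unsolicited: executables, plus the
# archives used to wrap them. ".r00" to ".r99" are RAR split-volume names.
RISKY_EXT = re.compile(
    r"\.(exe|scr|pif|com|bat|cmd|js|vbs|lnk|iso|img|rar|zip|7z|r\d\d)$", re.I)
# Magic bytes checked so that a renamed file is still recognised.
MAGIC = {b"MZ": "PE executable", b"Rar!": "RAR archive", b"PK\x03\x04": "ZIP archive"}
# method=result pairs inside Authentication-Results, e.g. "spf=fail".
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)


def build_sample_eml(authenticated=False, attachment_name="pago 4094.r09",
                     payload=b"Rar!\x1a\x07\x00" + b"\x00" * 32):
    """Construct a lure similar to the one analysed (invented addresses/IP)."""
    msg = EmailMessage()
    msg["From"] = "Agencia Despachante <despachos@example.invalid>"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Pago 4094 - documentos del cliente"
    if authenticated:
        results = ("mx.example.invalid; spf=pass smtp.mailfrom=example.invalid; "
                   "dkim=pass header.d=example.invalid; dmarc=pass header.from=example.invalid")
    else:
        results = ("mx.example.invalid; spf=fail (sender IP is 203.0.113.7) "
                   "smtp.mailfrom=example.invalid; dkim=none; "
                   "dmarc=fail action=none header.from=example.invalid")
    msg["Authentication-Results"] = results
    msg.set_content("Estimado cliente, descargue el archivo adjunto con el pago.")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg.as_string()


def parse_auth_results(msg):
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...}; 'missing' if not reported."""
    verdicts = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RESULT.findall(str(header)):
            verdicts[method.lower()] = result.lower()
    return verdicts


def inspect_attachments(msg):
    """List every attachment with the reasons (if any) it looks dangerous."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_content()
        if isinstance(data, str):          # text attachments decode to str
            data = data.encode()
        reasons = []
        if RISKY_EXT.search(name):
            reasons.append("risky extension")
        for magic, kind in MAGIC.items():
            if data.startswith(magic):
                reasons.append(kind)
        findings.append({"name": name, "size": len(data), "reasons": reasons})
    return findings


def triage(raw_eml):
    """Quarantine if any authentication check is not 'pass' or an attachment is risky."""
    msg = Parser(policy=policy.default).parsestr(raw_eml)
    auth = parse_auth_results(msg)
    attachments = inspect_attachments(msg)
    auth_ok = all(v == "pass" for v in auth.values())
    risky = any(a["reasons"] for a in attachments)
    verdict = "quarantine" if (not auth_ok or risky) else "deliver"
    return {"from": str(msg["From"]), "auth": auth,
            "attachments": attachments, "verdict": verdict}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_eml()), indent=2))
```

The extension list and the magic-byte table are deliberately conservative: a real gateway would also hash the attachment, open archives (including split RAR volumes) to inspect the inner executable, and detonate it in a sandbox as the analysts did.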

To test ‘pago 4094.exe’, the analysts deliberately saved fake credentials in Chrome and Edge so that its credential-stealing behaviour could be observed.

Saving fake Facebook credentials

After the fake credentials were saved, executing ‘pago 4094.exe’ caused it to disappear from view: it spawned a child process from ‘C:\Users\admin\Desktop\pago 4094.exe’ and dropped ‘tmpG484.tmp’ in ‘C:\Users\admin\AppData\Local\Temp’, which the analysts attribute to persistence.

From this point Snake Keylogger runs silently, harvesting information, stealing credentials and exfiltrating data without alerting the user. Because threats like this one depend on human error, constant vigilance is required.
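The two endpoint observations just described, a program in a user-writable folder spawning a copy of itself and a tmpXXXX.tmp file appearing under AppData\Local\Temp, are individually noisy but useful when correlated. The following detection is an added example for this page, not the analysts' own tooling: the events are constructed Sysmon-style records (EventID 1 for process creation, 11 for file creation) with invented PIDs and timestamps, and the benign Chrome events are included to show why the rule requires both signals and a user-writable image path.

```python
"""Correlate a self-spawning process in a user-writable folder with a
tmpXXXX.tmp drop in AppData\\Local\\Temp. Events below are constructed,
Sysmon-style records, not real telemetry from the article's sandbox run."""
import re
from collections import defaultdict

# Program images living where a user (or a lure) can write them.
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\(Desktop|Downloads|AppData)\\", re.I)
# GetTempFileName-style names under the user's Temp folder.
TEMP_DROP = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\tmp[0-9A-Za-z]{4}\.tmp$", re.I)

SAMPLE_EVENTS = [
    # benign: Explorer launches Chrome, Chrome spawns its own renderer and writes a temp file
    {"EventID": 1, "UtcTime": "2025-03-20 10:00:01", "ProcessId": 4312, "ParentProcessId": 1840,
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "UtcTime": "2025-03-20 10:00:02", "ProcessId": 4330, "ParentProcessId": 4312,
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"EventID": 11, "UtcTime": "2025-03-20 10:00:03", "ProcessId": 4330,
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": r"C:\Users\admin\AppData\Local\Temp\tmp1A2B.tmp"},
    # the lure: the user runs the extracted file, it respawns itself, a temp file is dropped
    {"EventID": 1, "UtcTime": "2025-03-20 10:05:10", "ProcessId": 5120, "ParentProcessId": 1840,
     "Image": r"C:\Users\admin\Desktop\pago 4094.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "UtcTime": "2025-03-20 10:05:11", "ProcessId": 5148, "ParentProcessId": 5120,
     "Image": r"C:\Users\admin\Desktop\pago 4094.exe",
     "ParentImage": r"C:\Users\admin\Desktop\pago 4094.exe"},
    {"EventID": 11, "UtcTime": "2025-03-20 10:05:12", "ProcessId": 5148,
     "Image": r"C:\Users\admin\Desktop\pago 4094.exe",
     "TargetFilename": r"C:\Users\admin\AppData\Local\Temp\tmpG484.tmp"},
]


def detect(events):
    """Return one alert per self-spawned child (or its parent) that also dropped a temp file."""
    self_spawns = []
    drops = defaultdict(list)            # pid -> dropped temp file paths
    for ev in events:
        if (ev["EventID"] == 1
                and ev["Image"].lower() == ev["ParentImage"].lower()
                and USER_WRITABLE.match(ev["Image"])):
            self_spawns.append(ev)
        elif ev["EventID"] == 11 and TEMP_DROP.match(ev["TargetFilename"]):
            drops[ev["ProcessId"]].append(ev["TargetFilename"])
    alerts = []
    for ev in self_spawns:
        # the article does not say whether parent or child wrote the file, so accept either
        dropped = drops.get(ev["ProcessId"], []) + drops.get(ev["ParentProcessId"], [])
        if dropped:
            alerts.append({"time": ev["UtcTime"], "image": ev["Image"],
                           "pid": ev["ProcessId"], "parent_pid": ev["ParentProcessId"],
                           "dropped": dropped})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Chrome's renderer respawn is ignored because its image lives under Program Files; Electron-style applications installed under AppData\Local do self-spawn from a user-writable path, which is why the rule also demands the temp-file drop before alerting rather than firing on either signal alone.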

Recommendations

The recommended mitigations are:

  • Zero trust security, so that one compromised mailbox or workstation does not grant access to everything else

  • Employee training on handling unexpected attachments and links, since this lure depends on the recipient running the file

  • Endpoint security able to spot the dropped executable, its child process and the temporary file it writes

  • Email security solutions that verify SPF, DKIM and DMARC and block risky attachments before delivery

  • Multi-factor authentication, so that credentials stolen from the browser are not enough on their own to log in

Source: CybersecurityNews.com
