Extracted

• • Target

    S09900090K.exe

  • Size

    206KB

  • MD5

    717af05a9247debb55e8a57cb5096df4

  • SHA1

    c0f8e0518f372e52fa5245c1ee3992ac02e15a5f

  • SHA256

    e4023297b3b3918787683d59c9ebf0c5786cdf50f42f54c50aa5571e7dae29f7

  • SHA512

    13a7c5dfe3474f3c4b17a52525203953adb82a82f11e6a688543d00afc6f00eacdced92990802622c885ee88fe01c73d6297d9de6db512f282d35544a243ea15

  Score

  10^/10

  persistencesnakekeyloggerkeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2