General

  • Target

    SecuriteInfo.com.Trojan.MSIL.Krypt.31548.exe

  • Size

    908KB

  • Sample

    220911-pavzbafchl

  • MD5

    08b1020247eb5352d484f254433a7471

  • SHA1

    20905f3566f4670dae9982a0f831c1406a0342be

  • SHA256

    05c411c9f179d759acaf615a61a43c6cd8b5b76fa41177185a229ba5e1db0827

  • SHA512

    729cb653b56088442556aa5801ca484309414dca6fa1c50d79a54a84230fbc5428f09b54005482dbc912b758e1bf2ebf3e6770518d91107abd2f0c8c920aba4e

  • SSDEEP

    24576:oBGfXIPdZtiYoAg0IzljgKjrAc1l+16f:oVZEYvIzlgK4c1jf

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks