Extracted

• • Target

    7f3e2c694cfbbc9ca151895f5064bcd63a54b00b4665fb62666a5e2cccfb0d08

  • Size

    816KB

  • MD5

    8a4e10b422f43f8aef097070f9840616

  • SHA1

    59319f00f3adeca4bf87378f63ca3343bcc0076c

  • SHA256

    7f3e2c694cfbbc9ca151895f5064bcd63a54b00b4665fb62666a5e2cccfb0d08

  • SHA512

    0d120eb3853f84ea92e7aec1e96e5e66167ae91cb243599bf9e43d3d3a5bec500b08c8c58d86bc0bac720eafc959ce109d06c4601c0e15615864f3600aa948db

  • SSDEEP

    12288:AzJ2uLggqs8aGzSlArKYLPZ2TX9o7c3q:tzhiAWDza

  Score

  10^/10

  snakekeyloggercollectionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1