Extracted

• • Target

    Quotation_spareparts_20229154.exe

  • Size

    721KB

  • MD5

    6751bfcb21f9b32722db1f5a5ad3e63c

  • SHA1

    9c06344d409813717d54a7961f75cb8573a7eaf8

  • SHA256

    b89443b465f1a7b4f348460e5ca65ab3d0a39226450480cabc93c29d8699b517

  • SHA512

    e6cda86c667cca1be0956546dfb0d2f76bec9ac322e224e38f5e2587fe7dec411f5253bc193bddecca154626cf510c2e72ef1f24c04a059166f438e04b9dea63

  • SSDEEP

    12288:je6XQozj/Fyvd+XqE5MuPpMin2KH/nEyLb:j1PtyvdiVn9EyLb

  Score

  10^/10

  snakekeyloggercollectionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2