Extracted

• • Target

    SecuriteInfo.com.Win32.PWSX-gen.3782.29425.exe

  • Size

    1012KB

  • MD5

    b6627ede2d8cc7c41ce2b1ae6ce90637

  • SHA1

    6f9fee2681177e07dbd65559574c24786583b134

  • SHA256

    0983653ed943e88580b04dc228483a8661c89a282fa0f01e097fd238b4631427

  • SHA512

    a7a7cc6d960b9f122a8a159b50a65f56ab32aba194be401712584ea518b44077965f7f0d298f7de1d3a7739b80a0d31553af6bbf4edefc2d541598cac748a460

  • SSDEEP

    12288:QJUA7pUZkrmdos1dxk8irwhuJLzps7mqADPp5rOGz192nwEpcbLrrrv9jlg:kCdVdxkMuJ5s7mqGTrKwgcbL7vt+

  Score

  10^/10

  snakekeyloggercollectionevasionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Disables RegEdit via registry modification

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2