General

  • Target

    Quotation.doc

  • Size

    43KB

  • Sample

    230201-r1ar6sca41

  • MD5

    119ce65d4a9e479cd494c1a6de72c586

  • SHA1

    812bc57420005036eca281e3210dc6827709c4e1

  • SHA256

    f108a18c3b7eb3ba3a30f7535eca4e0a0a1901323052bea2156f67a9cb89788b

  • SHA512

    2854dd8bcbeebb93a395d1281ee240e177eaa1fa774a4b522bf8d24014e9db84d6140db471de8c356a894444232057cf74de62204cb0b3684b9d1643333bfb3b

  • SSDEEP

    768:GFx0XaIsnPRIa4fwJMY3l5KAnFeunXaPAdLNv+YF6pNxfwvtyrDwmfwt:Gf0Xvx3EMSKdu+i+YF6p7wFyrDb4t

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      Quotation.doc

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks