General

  • Target

    PU Request Form Hardware.exe

  • Size

    736KB

  • Sample

    230322-sbk3aabd5x

  • MD5

    15764eb449397a0c0a56c093320f4322

  • SHA1

    09f2d740790c48d4af8da373ae008567a11ad46d

  • SHA256

    9c6a4cf0c130672642be43795905b612d9b351278654c4bfba3cf935e127fa91

  • SHA512

    bbdb991f19e1e1228f97ac66c5f7285fef998663a706835258b8351b32ef342f2e97b3f1668d0b7cd85d890d4a3682314f3dae61ffeb35df889c633749df914d

  • SSDEEP

    12288:6Bs8Lh/l7aeukNwEx7l+ruMtCEqSKbYncyTBfszq4oqtQH76NKF5xb:yzPukNkqMgMKsnX1Uzq4DuHmkF5F

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    valleycountysar.org
  • Port:
    26
  • Username:
    [email protected]
  • Password:
    }eQA)VL2!$V}

Targets

    • Target

      PU Request Form Hardware.exe


    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
