Extracted

• • Target

    e90d3ec392d44522f55a0cf054c211a9.exe

  • Size

    754KB

  • MD5

    e90d3ec392d44522f55a0cf054c211a9

  • SHA1

    0c6247533089c0b7bb4a29a08a6434bfad26b0bf

  • SHA256

    fbca5195cab9ea8df36b6123fd0e23f2e1ca97cd0b61d6d40ecee6611f31c8ff

  • SHA512

    805c64d65a8a3f8c9663cd8714edc0ec87fa0fba43e0efd31dac78ff4b2de86ed6cda1fddf1b1da49ef17d6b5afd7d84e8d505828723d0a1d386bffad0d7f773

  • SSDEEP

    12288:DA5YB0OlJhZ5tgLV/651iqUGqGATBAoWL1EoU1cWT6p7r+72KQoIX9ie7zQpSQo:DA5AVDb2/65IqUJA1vycWOqvVIXQeq

  Score

  10^/10

  snakekeyloggercollectionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2