General

  • Target: PO52024.PDF.ISO.bin
  • Size: 1.2MB
  • Sample: 230501-ywh2bagc96
  • MD5: debf413ae7f7efac1f7d6c10aab16a82
  • SHA1: 2981389ba2f47c20d4a5f6b9b8b1b8768e7f36fd
  • SHA256: 4d63096c6cb556e2adbd6f5f398c5a53215a9e2b613316e7dc18d928c2333dfb
  • SHA512: 4d4fd97ac3b8e0057c30ad69461774784080ff78a1a40885ed7c8bd3864624682dfb5e47bfeacb3c3d176e62860c4a19144b9956436f965705f00b22c591936b
  • SSDEEP: 12288:c89eoUXN+8YnrVNwsfrT0hfp2X74sCzD8e4hTyOW:5UXN+8YrVNT02QzD+hTy

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot5725545513:AAF0ULWHvMJTLlnqMYoWe0CkOpQ7zVO0wLI/sendMessage?chat_id=5738281136

Targets

    • Target: PO52024.EXE
    • Size: 606KB
    • MD5: 42cf1acd0c33a70b1b4f55cf4c106a66
    • SHA1: e3156b1d0f7c0c4ae7b5f24453a97b4c2f8cc3ad
    • SHA256: 9ad67bc90d52236a2893bad025077cb1f59ef0b059a0c1c4c95a803a3a3875ad
    • SHA512: bb89dd0ebb2923fa559cb0b1490282c888ec4fcdb1a12ce2a7c5f74ceec44f964f9f5f0a38e151d68326cf3542e0a7a59d8dc54bea99a1ca4df65b3003fc69cc
    • SSDEEP: 12288:a89eoUXN+8YnrVNwsfrT0hfp2X74sCzD8e4hTyOW:DUXN+8YrVNT02QzD+hTy

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Snake Keylogger

      Keylogger and infostealer, first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive material.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks