Extracted

• • Target

    PO HGD-062-26.exe

  • Size

    562KB

  • MD5

    d5a17638cd85bd565801945b2c1104fc

  • SHA1

    edfdad7f4a70a535377d17987db7b4519bea6053

  • SHA256

    70b86ae1a2b54a630bf94ed868958fdc478fa15368b29a8fef0953518fc64dad

  • SHA512

    875e3ba9f7cf6c00d4f695e93263da0be4ceaee4d689f3c83baaa9ef227058eaff6e46443438b022b212cbf696622362e5933ca0df32bcf25d0f5440eb401832

  • SSDEEP

    12288:czmI7l+NMu6AzfSjzOgiEtqzlQDZ3+gp/g0UZHu5fmL:CmN6QfmzM2yQDZ3+gVgO5fmL

  Score

  10^/10

  snakekeyloggerstormkittycollectionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2