General

  • Target: Shipping Documents.pdf.exe
  • Size: 704KB
  • Sample: 230515-p6xssafd96
  • MD5: 903734f7c57dc9f7de2e10c8efdddb44
  • SHA1: c4942900cb85153d90371e52398d42e4e715b756
  • SHA256: 82a5ab20cca30fb6373b256808762ba3fe16ea61c36ccaa60d676c171f6741f6
  • SHA512: 21cced8ccdbb367cd4e4c54364dbe7e7f9d1c5010b29772a7cd2df8cc81d5ffd448bb93bb5715fbc70b8c276a6340d36e543b306d59b52f082ca6faa08ab41bc
  • SSDEEP: 12288:t4ZfTp7kxmYcuENSNi3UT8kI5FRTcMAHNOzE+v07NCRB4:tmLNGAXNSiUT8ffnr07

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot6029559841:AAEqr8_NCfqapJgAzw8PoPbqoCosnsk1VO0/sendMessage?chat_id=6033043077

Targets

    • Target: Shipping Documents.pdf.exe

    • Snake Keylogger: keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • StormKitty: StormKitty is an open-source info stealer written in C#.
    • StormKitty payload
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks