Extracted

• • Target

    tmp

  • Size

    887KB

  • MD5

    c19b70381457c1bf947f4befc79dc507

  • SHA1

    c290b39b8078e473c6d7eefa8aac2f7a1b7b5376

  • SHA256

    e3605326017c58a3ef50367f4821255161997f87c615c126c981526127392d3e

  • SHA512

    3189ff8c02332ba9f6b85efe12ccf6cce2125b57e8a7cdfe915a892afb344b7e4e0ee91d2fb695083419416bbc4ee7ce48cbcc4f485489fef4a5668804e2f5f1

  • SSDEEP

    12288:6LYK0aO+4fzKM/JNDFmHGoxuBslG0VKhxabmj09JgkbzZnKkAtvxiLATAGn3WtNv:6LYha+zKM/JNB6xpYnzaSjSnKk0

  Score

  10^/10

  snakekeyloggercollectionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2