General

  • Target: 9765435789te.exe
  • Size: 809KB
  • Sample: 230519-g1gwdaec6x
  • MD5: a1bcc030b3772680da1e842f616e6329
  • SHA1: ebf7a1a91c7143fa1f6a98b039dfc0238b7dc58b
  • SHA256: 54492f6c2f298dd366978c41c40e603dc981e871d8fbbef854077652f787dde5
  • SHA512: 087f28862949d8d65e799ce5f4e0012f8bc76326b42ff7b71b72e800b0e5ecdd6bc58c3e578c42f26d2aba7422015667c8bab8916367a3b653b0d939d4864a1d
  • SSDEEP: 24576:dkcEILpX/dycnILpX/6zMu1yj5mjs0pW:dkcEILpX/dycnILpX/6zMu1yj5mj4

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot5801425382:AAG5b4PUEaqNDv5uP9ejZGeIHeuzzOD4IHY/sendMessage?chat_id=5812329204

Targets

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
