General

  • Target

    Aatch.exe

  • Size

    13KB

  • Sample

    230523-s815rsga42

  • MD5

    e7489df1b705021efba74ee65fa7761d

  • SHA1

    96b5f2cdb4fe43e12ea02fd1ba95fca84e196e3e

  • SHA256

    7bb1f961ffae2e3ffa422d151c2290d281b02f8be9279a52bae179fb47d817ce

  • SHA512

    cb51dc678e292b6d1cc9e7a0ca10b8f2c90dc6bd21fbba5bd0f30663acdf47282e7cd6f442a8ba6cea2fcc430a6f9175693d4fe02a345c744768c2591da3d66c

  • SSDEEP

    192:dze8OfffffhasFbb7eApmL9eenvEd/oYnvS/Ywm:dzeLfffffhFbbVpmL9eevejvSw

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5880456490:AAFr-YgeGPyCCU-BDrqTxMMPTvuAWcxgJcE/sendMessage?chat_id=2054148913
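The C2 above is not a custom server but the Telegram Bot API: the bot token sits in the URL path (`/bot<numeric id>:<secret>/`) and the destination chat in `chat_id`. The following is an added example, not part of the sandbox report, showing how a practitioner would turn that into a detection: it parses the reported URL into its bot id, secret and chat id, scans proxy log lines for the same token (known C2), for any other Bot API call (same technique, different operator), and for bare contact with api.telegram.org where only the host is visible; it also checks a file against the report's MD5 and SHA256. The log format and the `checkip.example.net` host are constructed for the example, and the token shape (`\d+:[A-Za-z0-9_-]{30,}`) is an assumption about Telegram tokens, not something the report states.

```python
import hashlib
import re

# Indicators taken from the report above.
SAMPLE_MD5 = "e7489df1b705021efba74ee65fa7761d"
SAMPLE_SHA256 = "7bb1f961ffae2e3ffa422d151c2290d281b02f8be9279a52bae179fb47d817ce"
C2_URL = ("https://api.telegram.org/bot5880456490:AAFr-YgeGPyCCU-BDrqTxMMPTvuAWcxgJcE"
          "/sendMessage?chat_id=2054148913")

# Assumed token shape: "<numeric bot id>:<secret>" in the /bot<token>/<method> path.
# Matching on structure catches other Telegram-based exfil, not only this sample.
TELEGRAM_BOT_RE = re.compile(
    r"api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})"
    r"/(?P<method>[A-Za-z]+)(?:\?[^\s\"]*?chat_id=(?P<chat_id>-?\d+))?"
)


def parse_telegram_c2(url):
    """Return bot_id/secret/method/chat_id for a Bot API URL, or None if it is not one."""
    m = TELEGRAM_BOT_RE.search(url)
    return m.groupdict() if m else None


REPORT_C2 = parse_telegram_c2(C2_URL)


def scan_proxy_log(lines, known_secret=REPORT_C2["secret"]):
    """Return (line_no, verdict, details) for lines touching the Telegram Bot API.

    verdict: 'known-c2'          token matches the reported sample
             'telegram-bot-api'  some other bot token in the URL path
             'telegram-api-host' only the host is visible (e.g. CONNECT / SNI)
    """
    hits = []
    for n, line in enumerate(lines, 1):
        info = parse_telegram_c2(line)
        if info is not None:
            verdict = "known-c2" if info["secret"] == known_secret else "telegram-bot-api"
            hits.append((n, verdict, info))
        elif "api.telegram.org" in line:
            hits.append((n, "telegram-api-host", None))
    return hits


def hash_matches_sample(data):
    """True only if the bytes hash to both the reported MD5 and SHA256."""
    return (hashlib.md5(data).hexdigest() == SAMPLE_MD5
            and hashlib.sha256(data).hexdigest() == SAMPLE_SHA256)


# Constructed proxy log lines (not real traffic): one benign request, the external IP
# lookup the report mentions, the reported C2 URL, a host-only CONNECT, and a
# different bot token using the same technique.
SAMPLE_LOG = [
    "2023-05-23T10:15:01Z host=WS-0412 GET https://www.example.com/ 200",
    "2023-05-23T10:15:07Z host=WS-0412 GET https://checkip.example.net/ 200",
    "2023-05-23T10:15:09Z host=WS-0412 GET " + C2_URL + "&text=keystrokes 200",
    "2023-05-23T11:02:44Z host=WS-0990 CONNECT api.telegram.org:443",
    "2023-05-23T11:40:10Z host=WS-0512 POST https://api.telegram.org/"
    "bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument 200",
]

if __name__ == "__main__":
    for n, verdict, info in scan_proxy_log(SAMPLE_LOG):
        print(n, verdict, info)
```

Over plain HTTPS the bot token is in the encrypted path, so the `known-c2` and `telegram-bot-api` verdicts only fire on sandbox captures or on a TLS-inspecting proxy; elsewhere the usable signal is the host-only case, which is worth alerting on for workstations that have no business talking to api.telegram.org at all.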

Targets

    • Target

      Aatch.exe

    • Size

      13KB

    • MD5

      e7489df1b705021efba74ee65fa7761d

    • SHA1

      96b5f2cdb4fe43e12ea02fd1ba95fca84e196e3e

    • SHA256

      7bb1f961ffae2e3ffa422d151c2290d281b02f8be9279a52bae179fb47d817ce

    • SHA512

      cb51dc678e292b6d1cc9e7a0ca10b8f2c90dc6bd21fbba5bd0f30663acdf47282e7cd6f442a8ba6cea2fcc430a6f9175693d4fe02a345c744768c2591da3d66c

    • SSDEEP

      192:dze8OfffffhasFbb7eApmL9eenvEd/oYnvS/Ywm:dzeLfffffhFbbVpmL9eevejvSw

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence to decide whether to run.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks