General

  • Target

    Kjcudd.exe

  • Size

    13KB

  • Sample

    230530-hm6s1sgb7s

  • MD5

    a2e2465b44a5b76191696483522ce78b

  • SHA1

    60c31de9330a5a349f44b333cc247b96c40cf72e

  • SHA256

    60c5b8fc203fab56c0c8077ef880ec749441e65f9fbc5be6b252ed5718166c2f

  • SHA512

    69a6245afafea2004511eb183da176ef764d561ad5854ed6ba1fdcde8f86bda6fd5658845e0cd3e51090605e7b5ef4b82c2f8cb9e2b7cac9f37c48b255630a04

  • SSDEEP

    192:g6orT3RCYfI8WxhNEv9Xd8LC3RsB3L7gU9qkLeIg:g5DfL+NK8LChGhqkLeI

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5996089921:AAFFEnbgTY8Gt8G5jJy6llKhDg_Ha193t7c/sendMessage?chat_id=2054148913

Targets

    • Target

      Kjcudd.exe

    • Size

      13KB

    • MD5

      a2e2465b44a5b76191696483522ce78b

    • SHA1

      60c31de9330a5a349f44b333cc247b96c40cf72e

    • SHA256

      60c5b8fc203fab56c0c8077ef880ec749441e65f9fbc5be6b252ed5718166c2f

    • SHA512

      69a6245afafea2004511eb183da176ef764d561ad5854ed6ba1fdcde8f86bda6fd5658845e0cd3e51090605e7b5ef4b82c2f8cb9e2b7cac9f37c48b255630a04

    • SSDEEP

      192:g6orT3RCYfI8WxhNEv9Xd8LC3RsB3L7gU9qkLeIg:g5DfL+NK8LChGhqkLeI

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks