General

  • Target

    762caa1af324f758515800584c2ed5fa.exe

  • Size

    551KB

  • Sample

    230709-g26wwsah77

  • MD5

    762caa1af324f758515800584c2ed5fa

  • SHA1

    1fb9d04b2dd0124faab3643d743ca207c17d9ce3

  • SHA256

    db7f70227c9ba4a6977cbd919bf9aa2f611d2557b145e5a8d7f06d184dd9d5d3

  • SHA512

    23317580dc9f7057f7787f12a1225651458d40c4ab3611cded86771ee88e557c76a429cf2105ab56bba397a457e8bfb706b678f777acf1bae0efa0d637d627de

  • SSDEEP

    12288:NzfI83QbSepCGUE+T7tRzjfeR1Ee/aOx3f:dB3QbSZ3nnvjofaOx

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks