General

  • Target

    RFQ 1225- PR 905-018082023.exe

  • Size

    613KB

  • Sample

    230820-l3crnaed72

  • MD5

    83b6d64bed8248fa288aa86f5af1f4c8

  • SHA1

    4d7cf02b4119d757a05026582020bc1839852164

  • SHA256

    6de931472361a2d7698e1ed9e749dd5a370ae6cdaa12fe48584f6314dd826626

  • SHA512

    85e0ec9cf07176742b998eab4d986a979c3348956bf3081a551ea7fa902700de4289aabe6e08c0f4f0f5e06dd47d84e91ee2e50b4de67cae1628b0383d5c9202

  • SSDEEP

    12288:pc23/gPrkwUr3eH+6nluitgZXQg3RVS9cdaEb5yB/d:1wrkEVtgJrMasf/d

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://peruglobo.com/
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    YSw&oCV&c23w

Targets

    • Target

      RFQ 1225- PR 905-018082023.exe

    • Snake Keylogger

      .NET keylogger and infostealer, first seen in November 2020. It captures keystrokes, clipboard contents and saved credentials and exfiltrates them over SMTP, FTP or Telegram; the config extracted above points this sample at FTP.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store account profiles and saved credentials on disk; infostealers commonly read these files to harvest them.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data, which can include saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP, which is typically included in the exfiltrated report to identify the victim.
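The extracted config (FTP to peruglobo.com on port 21) and the "looks up external IP address" signature together give a network-side detection opportunity: an infostealer usually resolves its external IP first and then contacts the exfiltration server moments later. The script below is an added example, not part of the sandbox report, that correlates those two behaviours over a few constructed proxy/firewall log lines. The C2 host and port come from the report; the list of IP-lookup services is an assumption, since the report does not name the service this sample used.

```python
"""Added example (not from the sandbox report): correlate outbound connections
against the Snake Keylogger config extracted above and the external-IP-lookup
behaviour flagged in the signatures."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Taken from the report's extracted config.
EXFIL_HOST = "peruglobo.com"
EXFIL_PORT = 21

# Assumption: the report does not name the lookup service; these are services
# commonly abused by infostealers for external-IP discovery.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}

# Constructed log lines (not real telemetry): timestamp src_host dst_host dst_port
SAMPLE_LOG = """\
2023-08-20T11:02:14Z WS-0117 checkip.dyndns.org 80
2023-08-20T11:02:16Z WS-0117 peruglobo.com 21
2023-08-20T11:05:40Z WS-0203 api.ipify.org 443
2023-08-20T11:30:01Z WS-0203 updates.example.net 443
2023-08-20T12:40:09Z WS-0311 peruglobo.com 21
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_line(line):
    """Parse one log line into (timestamp, src, dst, port); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port = m.groups()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst.lower(), int(port)


def classify(dst, port):
    """Label a connection as C2 exfil, IP lookup, or None for anything else."""
    if dst == EXFIL_HOST and port == EXFIL_PORT:
        return "exfil_ftp"
    if dst in IP_LOOKUP_HOSTS:
        return "ip_lookup"
    return None


def correlate(log_text, window=timedelta(minutes=5)):
    """Return {src_host: verdict}.

    'high'   - an IP lookup followed by FTP to the C2 within `window`
    'medium' - FTP to the C2 host alone
    'low'    - an IP lookup alone (noisy by itself; legitimate software does it)
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port = rec
        kind = classify(dst, port)
        if kind:
            events[src].append((ts, kind))

    verdicts = {}
    for src, evs in events.items():
        evs.sort()
        kinds = {k for _, k in evs}
        verdict = "low"
        if "exfil_ftp" in kinds:
            verdict = "medium"
            lookups = [t for t, k in evs if k == "ip_lookup"]
            ftps = [t for t, k in evs if k == "exfil_ftp"]
            # Lookup must precede the FTP contact and fall inside the window.
            if any(timedelta(0) <= (f - l) <= window for l in lookups for f in ftps):
                verdict = "high"
        verdicts[src] = verdict
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(correlate(SAMPLE_LOG).items()):
        print(f"{host}: {verdict}")
```

Contact with the C2 host on its own is already worth an alert; the lookup-then-FTP sequence mainly helps rank which host to triage first, and the FTP credentials in the config should be treated as compromised and reported to the hosting provider rather than used.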
