Extracted

• • Target

    Icsmcwcw.exe

  • Size

    22KB

  • MD5

    3c68b70b369230bfc695f391be176da9

  • SHA1

    46c464f0d1cffeadcdd93c6c86c288860089c78a

  • SHA256

    cad1feb442eba9bbe034cadb76a076607f5ebc98c499255c2971e743c40d681e

  • SHA512

    5bf26ecaadd2831f798ffaa899508f9621b261959540656c93e5b0d51af74e566157fc9f5fa3e9be4f5a24cb701c690bc8b2e72291f412399bd1710a240d0efc

  • SSDEEP

    384:MUTTskJkdw5HKWNPnbn+b/AeH9F9wGjEnAtNCSGFqU9:/5EwYqPbn+rLXiiEnuCLFqU9

  Score

  10^/10

  snakekeyloggercollectionkeyloggerpersistencestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2