Extracted

Extracted

• • Target

    ff777a5e6a54f56d5452624ec6f0cd6938ba286ce648176efeec46fcceed5286.exe

  • Size

    682KB

  • MD5

    31c0fb555469b0836b447b2e71c8fd74

  • SHA1

    85a52ac681c856927403114207455b1cc42d38a0

  • SHA256

    ff777a5e6a54f56d5452624ec6f0cd6938ba286ce648176efeec46fcceed5286

  • SHA512

    7d549ef196dbb3701c4c4b83ef6a7b7e455ebc45d00037e399f5cf44a3909bd12ca21aee5bc07dbd96a5df2a50b39004e342840e2527349eba9cbb5e6f08d473

  • SSDEEP

    12288:361tZZr9L7kX0F1CEgkEXQwko3b2VvRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRs:361tZL3kY0EgnXQOL

  Score

  10^/10

  snakekeyloggercollectionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Executes dropped EXE

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2