Extracted

• • Target

    kajjjestipc.exe

  • Size

    249KB

  • MD5

    f5c77a19f261493f31332bd2d0f8975e

  • SHA1

    3cbbf9855b287b1a8edd1c1c14488e30668a2361

  • SHA256

    43cb9f83a18f652860eab66b131d1f8a1545c44594fa81f301efa3b44a6b6148

  • SHA512

    d642fbacaa4eae67d504984558a3d188d9bb7a13c9b887dfd57fd5803954ded9c1346ecf6c89346d165d57d2f6e55ce534284647a9ee0c0ac75e21b5420d89b3

  • SSDEEP

    6144:aRPxunMnRQYxJLLbZUZLR2n4Ns4yFK2FDmP:aRP7RQYxJzZoG4yFK2FDC

  Score

  10^/10

  snakekeyloggercollectionkeyloggerpersistencestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2