Extracted

• • Target

    Ucaai.exe

  • Size

    590KB

  • MD5

    a3128c8b67fd08ae19dd966bef878cb4

  • SHA1

    8e636f183d7185b23f9894bad847d1ada4561252

  • SHA256

    afea8e29447ebe85480428e2ad947457d515968694dcb5d721886ad1d5945459

  • SHA512

    caf3e8071c53c0838514110658a36deff6f90a205b941010537a95f8650181a16ca9c1776e2593bce52cea440fa7348937ff928e28b8553bb0f00201403a8fc5

  • SSDEEP

    12288:4ES8ryazt80P6Etvu/2oALepFUAPU5bJb+a2HbTFDBWELTpKHf:4UJnLepFUAPU59bObTNL/YHf

  Score

  10^/10

  discoverysnakekeyloggercollectionkeyloggerpersistencestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2