Extracted

• • Target

    PO UAPO00060923.exe

  • Size

    586KB

  • MD5

    63eac08a3dc1ce9b6ae7ba733a73422e

  • SHA1

    8cff5e582cf74c799ba4dcde9b8c65d601735446

  • SHA256

    83c7cc2ec5eed8e246ebcffdf849c712f9c6a624e4b8852dbee04d9afefa49ce

  • SHA512

    628e926d29844ecd3762fab33d36d65a406930d12d322b8cf009ce7519b0237cb3f9ef1fd185e5d1e2c3c822bb77f7fca771c7336eb55374b7afd215d21b0353

  • SSDEEP

    12288:EQYX9KUwy1VJyOsHJa1V2JZJbhrz8LWo4Vbjhpm:ot+AVkOkk1yDWW1vhw

  Score

  10^/10

  snakekeyloggerkeyloggerstealercollectionspyware

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2