Extracted

• • Target

    Nhuhqpc.exe

  • Size

    171KB

  • MD5

    306561287324dcb749b051225c7ca686

  • SHA1

    715ac0c7eb48a0ff536be8c8e9cf16e3bb62e3cd

  • SHA256

    6caab57198e2e3cc5833f0b578e193c99230595f66ab98eb00f0fdae7d8c2c8a

  • SHA512

    578128194a04788bae0321645f8100a0216e801c1d60251b830add12f63f6feb4f0d562deea5cd64bbe453b744fa49590b514856613b2c3eaae167ea88575f43

  • SSDEEP

    1536:A1vldVVr/ETon7CdEZIPas6A5Adgl6nPUStsJhB9rMVcoXfRlXn:cYon7O/XigW6/wcoZl3

  Score

  10^/10

  discoverysnakekeyloggercollectionkeyloggerpersistencestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2