General

  • Target

    RQ129990.exe

  • Size

    523KB

  • Sample

    231012-nmangafg3z

  • MD5

    c924f9fd5c158a713bf9fb27c417db9a

  • SHA1

    c2ba795391c96b75544b7b9210a5fafa7def3be0

  • SHA256

    48f2f1fbc52e8fcfff7b95c0cbd735975fe1ec8b383361027b8d3f730cc13c42

  • SHA512

    91b0fd6dcc971673e6a546a63bf7f22c4e66e5aff9fa0728cb7013d90f7596a30b0e828c3c4f0ca00fb10fc6c822798fe96b7a91ae469de37885182934833b3d

  • SSDEEP

    12288:rvohjwfdgVCMtvG22tjNVC3j4b1T8jI1IIyX7bCi:rvo2t2WjNVC3jiTEIy
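The digests above are the indicators a responder actually uses to find this file on other hosts, regardless of what it has been renamed to. The following is an added example, not part of the sandbox report: it hashes a file once with all four algorithms, compares against the values listed above, and can walk a directory tree. The helper names and the chunk size are my own choices; the indicator values are copied from the report (SSDEEP is left out because it needs a separate fuzzy-hash library).

```python
"""Check files against the MD5/SHA1/SHA256/SHA512 values reported above.
Added example; IOC values are copied from the report, everything else is assumed."""
import hashlib
import re
from pathlib import Path

# Indicators copied verbatim from the report above.
IOCS = {
    "md5": "c924f9fd5c158a713bf9fb27c417db9a",
    "sha1": "c2ba795391c96b75544b7b9210a5fafa7def3be0",
    "sha256": "48f2f1fbc52e8fcfff7b95c0cbd735975fe1ec8b383361027b8d3f730cc13c42",
    "sha512": "91b0fd6dcc971673e6a546a63bf7f22c4e66e5aff9fa0728cb7013d90f7596a3"
              "0b0e828c3c4f0ca00fb10fc6c822798fe96b7a91ae469de37885182934833b3d",
}
ALGOS = tuple(IOCS)
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(iocs=IOCS):
    """Catch copy/paste damage: every value must be lowercase hex of the right length."""
    problems = []
    for algo, value in iocs.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % EXPECTED_HEX_LEN[algo], value):
            problems.append(algo)
    return problems


def digest_stream(chunks):
    """Hash an iterable of byte chunks with every algorithm in a single pass over the data."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_bytes(data):
    return digest_stream([data])


def digest_file(path, chunk_size=1 << 20):
    """Stream the file so large samples do not have to fit in memory."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def match_iocs(digests, iocs=IOCS):
    """Return the set of algorithms whose digest equals the reported value (case-insensitive)."""
    return {a for a in iocs if digests.get(a, "").lower() == iocs[a]}


def scan_tree(root):
    """Walk a directory; yield (path, matched algorithms) for every file that hits an IOC."""
    for p in Path(root).rglob("*"):
        if p.is_file():
            hit = match_iocs(digest_file(p))
            if hit:
                yield p, hit


if __name__ == "__main__":
    import sys
    assert not validate_iocs(), "malformed IOC values"
    for path, algos in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: matches {', '.join(sorted(algos))}")
```

A file that matches on SHA256 but not MD5 or SHA1 is a sign the indicator list itself is inconsistent, which is why the function reports the matching algorithms rather than a bare yes/no.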

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      RQ129990.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients keep account settings and, frequently, saved credentials on disk; infostealers routinely read these files.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile data on disk, which can include saved logins, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. Because the service itself is benign, this is a weak indicator on its own and is best correlated with the other behaviours listed here.

    • Suspicious use of SetThreadContext

      SetThreadContext is used by process hollowing and thread hijacking to point a suspended thread at injected code before resuming it; legitimate programs rarely call it against another process.
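The last two signatures are the ones most useful for detection logic, since the injection chain and the IP lookup both leave a clear trail in a sandbox or EDR API trace. The following is an added example, not code from the report or the sandbox: it parses a constructed API-call trace (the "pid api key=value" layout is an assumption, as are the process IDs, the hollowed image and the IP-lookup hostnames, which the report does not name) and flags SetThreadContext aimed at another process, noting whether the full create-suspended / write / set-context / resume chain is present, plus any request to a public IP-lookup service.

```python
"""Heuristic triage of a sandbox API-call trace for the behaviours flagged above.
Added example; the trace format, pids, image path and hostname list are assumptions."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed trace, one call per line: "<pid> <api> key=value ...". Not real sandbox output.
SAMPLE_TRACE = """\
4120 CreateProcessW image=C:\\Windows\\System32\\notepad.exe flags=0x4 child=5012
4120 VirtualAllocEx target=5012 size=0x7e000 protect=0x40
4120 WriteProcessMemory target=5012 size=0x7e000
4120 SetThreadContext target=5012
4120 ResumeThread target=5012
5012 InternetOpenUrlA url=http://checkip.dyndns.org/
5012 CreateFileW path=C:\\Users\\victim\\AppData\\Roaming\\Thunderbird\\Profiles\\x.default\\logins.json
"""

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess

# Public IP-lookup services commonly contacted by infostealers (assumed list;
# the report above does not say which one this sample used).
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "checkip.amazonaws.com",
    "ip-api.com", "icanhazip.com", "ifconfig.me", "ipinfo.io",
}

# Order of calls that makes up classic process hollowing.
HOLLOW_CHAIN = ["CreateProcess(SUSPENDED)", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)(?P<args>(?:\s+\w+=\S+)*)\s*$")


def parse_trace(text):
    """Turn trace text into (pid, api, {arg: value}) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = dict(kv.split("=", 1) for kv in m.group("args").split())
        events.append((int(m.group("pid")), m.group("api"), args))
    return events


def _is_subsequence(needle, haystack):
    it = iter(haystack)
    return all(any(x == y for y in it) for x in needle)


def find_thread_hijacks(events):
    """Flag SetThreadContext aimed at another process; report whether the full hollowing chain is present."""
    seen = defaultdict(list)  # (injector pid, target pid) -> api names in trace order
    for pid, api, args in events:
        if api in ("CreateProcessA", "CreateProcessW") and "child" in args:
            if int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                seen[(pid, int(args["child"]))].append("CreateProcess(SUSPENDED)")
        elif "target" in args and int(args["target"]) != pid:
            seen[(pid, int(args["target"]))].append(api)
    findings = []
    for (injector, target), chain in seen.items():
        if "SetThreadContext" in chain:
            findings.append({
                "injector": injector, "target": target, "chain": chain,
                "full_hollowing": _is_subsequence(HOLLOW_CHAIN, chain),
            })
    return findings


def find_ip_lookups(events):
    """Return (pid, url) for every call whose url= argument points at a known IP-lookup host."""
    hits = []
    for pid, _api, args in events:
        url = args.get("url")
        if url and (urlsplit(url).hostname or "").lower() in IP_LOOKUP_HOSTS:
            hits.append((pid, url))
    return hits


def triage(trace_text):
    events = parse_trace(trace_text)
    return {"thread_hijack": find_thread_hijacks(events), "ip_lookup": find_ip_lookups(events)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_TRACE), indent=2))
```

Keying the chain on (injector, target) rather than on the injector alone matters: a loader that hollows several processes produces one finding per victim, and a lone SetThreadContext without the suspended creation still surfaces with full_hollowing set to False so an analyst can look at it separately.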
