Extracted

• • Target

    Swift.txt.exe

  • Size

    539KB

  • MD5

    b1a8dfff51ee717d53c7f90f0840fe9b

  • SHA1

    33ca9d90da7c348233e4eaa565c5b9b91017709d

  • SHA256

    008af3e6e04d2340b385793e03af2550e0e18ce1531d635dff30e69d3e820dbf

  • SHA512

    fbf81cba922f55946d5fc7f7694a9095cef51976eb7780b851f1c2fd34b7a366da7f527f73343b455f15e5d5f9a37cc4b1c2dfab0f43cd72960dfc39feab90e6

  • SSDEEP

    12288:mdJF9KCvoctGgxTkn3MvWroS5RtS0yUn1vhU2Zq6s9sdX:mdJF4CvoctGITknAWZ1ULtGX

  Score

  10^/10

  snakekeyloggercollectionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2