General

  • Target

    NEAS.04884117ed7dc9b603b5f3d53ab43a00_JC.exe

  • Size

    510KB

  • Sample

    231013-s886dabc3s

  • MD5

    04884117ed7dc9b603b5f3d53ab43a00

  • SHA1

    fa98639b21de49163a6f53e038aca67f354c5089

  • SHA256

    f07e272d05e89d07880d66e8943707f02747d906ba56520c67712aeaee183560

  • SHA512

    b10247a7336a6c175930cf362c837b6c249ac6bcf65338dfd23bad2538f5ec8abf96ed793b2802134dfd0f655dc5d2bc773f24857554a9f159c5cb40ba1f19d4

  • SSDEEP

    12288:SNCvo5kPKwgCR+bg6VgogpPxsRN47jMpodd9Q9G9:SCvoEKwgCR+bBgre4PMil

Malware Config

Extracted

Family

snakekeylogger

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
