Extracted

• • Target

    NEAS.NEASf0caaaebe92baa4bc450b54344dfbd8c9f6c4ee2057a6d289b2c347b8b7ae912exeexe_JC.exe

  • Size

    344KB

  • MD5

    3e133f661b74e398c2906931e0e4156c

  • SHA1

    6d98c3664f8a0e4bda116511579896ebc42f3aff

  • SHA256

    f0caaaebe92baa4bc450b54344dfbd8c9f6c4ee2057a6d289b2c347b8b7ae912

  • SHA512

    a65358735c27f12844e82af76ec4eb0d11372c9f5a2007321bd53c30f554461075b5cdfc376bfb1dac7c91ab20e5d6f011448a9c4b5b79bfa0f4b280d377e1f2

  • SSDEEP

    6144:Bv8hza/coPxII4AdFvkk1VTQ0upQnxk+uuL:NkG/coZIUyW

  Score

  10^/10

  discoverysnakekeyloggercollectionkeyloggerpersistencestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2