General

  • Target

    NEAS.NEASNEASc41b3639173707dfe1b070b92c1b3ed4ed451be6595fa150b930a7dfc4efd2afexeexeexe_JC.exe

  • Size

    532KB

  • Sample

    231018-xetaaahg5z

  • MD5

    12bbcd47078601a66f15749bca45573a

  • SHA1

    ea72daecddca36a8acff3c0a8c059e76dde79aff

  • SHA256

    c41b3639173707dfe1b070b92c1b3ed4ed451be6595fa150b930a7dfc4efd2af

  • SHA512

    986c1087b8f2d0851389911b6b8c08f6453b602fc633bf3cdfc484a4cb2513af63dd8cac059ff3c15601c4855a7cb5544f991a76c6802653fa3863e9ad086a1a

  • SSDEEP

    12288:nBLXmsrJM1lmxJm83L6XD4JZyGdDtlUWZJs8UcGf:BLWiMAb3ubGLljnl/Gf

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6675795591:AAHOLjdFZlj5nOPVfUfGykzyEUFz4fRG_10/sendMessage?chat_id=6131056872

Targets

    • Target

      NEAS.NEASNEASc41b3639173707dfe1b070b92c1b3ed4ed451be6595fa150b930a7dfc4efd2afexeexeexe_JC.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks