Extracted

• • Target

    NEAS.7b15eee7380219a4af5a9a5d2380c566c4b54b65d8f548885ad50f502acbd3a5exe_JC.exe

  • Size

    631KB

  • MD5

    51ffbe020abe8aafe935c763b8a59925

  • SHA1

    33d35ac918b348c7ee2358ffe3b2acc6e25182fe

  • SHA256

    7b15eee7380219a4af5a9a5d2380c566c4b54b65d8f548885ad50f502acbd3a5

  • SHA512

    965755fb0b1df5033ce1e8aaf06f982b23d91830daa98febfcf99f6597730ac95a47b6e12f91435944a77b441fd47decce02b10f5d7f9083916fa39b023d42c8

  • SSDEEP

    12288:OPhNh6sxTA6qNhGpZSUTXUJ2HI8OPvultmzTc1FxnPzcb1hGrqaX8BXKDaxHh:OPDDxs6gUpA2HI3vultwc1FxY+ZXi

  Score

  10^/10

  snakekeyloggercollectionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2