Extracted

• • Target

    c2a09d27fb379adedacaffc2b869cb1c.exe

  • Size

    657KB

  • MD5

    c2a09d27fb379adedacaffc2b869cb1c

  • SHA1

    a30d40d85d0672d2396bb7e4f3dbfecfee861dc5

  • SHA256

    87876acd533b5e473c1f27bf24ad26a9b6d0e6859186e00ac3efa334711b8f4a

  • SHA512

    8085869876e6a3aa404131a4d763650b295f450bb42ef49db643409e2cfa4c69c5786130bb41b8d588889446e5844acc9501e1dfd669c05bfbf3cd1afd6fa855

  • SSDEEP

    12288:mvDb0oGmX9dlSuSGy1G9ejnA2tfWpQ2pigPIQFIfcSXb0BloaBu:mv/NGmXflDSvGerHfWpQ0nJIfcu0+

  Score

  10^/10

  snakekeyloggercollectionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2