Extracted

• • Target

    ebb6fad910c99d151b30733b624e8f7e555eb7de7caaa66d65b9e7114c433f56.exe

  • Size

    44KB

  • MD5

    41bce404371579a1e6db304042d2e72e

  • SHA1

    55378787edb8d473893099cc206fd5554213caa9

  • SHA256

    ebb6fad910c99d151b30733b624e8f7e555eb7de7caaa66d65b9e7114c433f56

  • SHA512

    66e5e32da35d76208dac11bbfa8a232ab1d77f1d08ad377bbe04a33de395ff82248a82dc8f51df9d029ad461ebdb23300d0b549f2bf6149c1ff0b64cfb99af9c

  • SSDEEP

    768:DbynQEfPx5vJYrEXURJ5fTpSgKS08c9YDveruxPhreB3SUFjIHEIx:3ix7cEWZpSgKnUDGA6BZFmfx

  Score

  10^/10

  snakekeyloggercollectionkeyloggerpersistencestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2