General

  • Target: SAT09867890000000.bat
  • Size: 365KB
  • Sample: 231110-g3s2eseb63
  • MD5: 6e5fe2e8102810fa8c41e1708f5bad37
  • SHA1: 866abdd7b659a470079b2cebb8c1e375a14dfe81
  • SHA256: 92bd760ecd8223c94862932a852fba8f1c386f5eb1eeaf6e88da948baa10c024
  • SHA512: 4e48fc62c0cf63b65ec427f1e759e1d0e07762a9fc7bb2601e9efadbe1de3e185de62a00fb30ac9445cf5d638f02d7ed99d3b74a68f59cbc8db5bd0d17db2494
  • SSDEEP: 6144:CAY8QgjLjLzmfTi0rueeKeUnj+ZhcqCgT+0aRrqYsGdh1BiOFnAx:RXi7fr5e9DkqCgy0uOxc3BiOFI

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot6791427761:AAEq2ybkfsfQ4vvX1WVwRKr-rekQ-dk6jcM/sendMessage?chat_id=6443825857

Targets


    • Snake Keylogger: Keylogger and Infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Reads user/profile data of local email clients: Email clients store some user data on disk, where infostealers will often target it.
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks