Extracted

• • Target

    t_d_14b6181455c3e32793109b986099e80ccefa68fbc48b0fd5d07beb5cd4cc4520_exe

  • Size

    138KB

  • MD5

    58a6acecabac60d31bacdd30909101e0

  • SHA1

    f6c9c618ee74853355446711b64dd72f853d5297

  • SHA256

    14b6181455c3e32793109b986099e80ccefa68fbc48b0fd5d07beb5cd4cc4520

  • SHA512

    691485d7a1aec7bf406052b4b7d60045f409b9b7e971fd9427d2db1d6a90cc5f4173fe6c5e1f00b411b0cb2e17f72dcaef75ce07f97a4d19afb561bdcc8966fe

  • SSDEEP

    3072:YWpyRowPM+sfHoPIaPQuF5Bcd+NlBvCL:JUowPMPfHAbPQuHBcAC

  Score

  10^/10

  snakekeyloggercollectionkeyloggerpersistencestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2