General

  • Target

    Deliery Order Report.exe

  • Size

    818KB

  • Sample

    231226-jn15lafaa6

  • MD5

    73a86a1bf7f9f17ac6d5f0b001a3590d

  • SHA1

    679ea54205c48b9d025e0e9ecf40865a6057cf00

  • SHA256

    30352cfbcc257fe2f2ed508076a95f1d2dbf00d0953727e7a2a81b7d450cc1a1

  • SHA512

    dc164d05c2e1f8f489db6edcdfeb62171a32b7daca6c07e9309124e3cb032b43879918d196a87c6b8cfde0c88e0cfa57811fd1bc4df09fc2c41da8a17eb4c995

  • SSDEEP

    12288:eU6BlXUVUDS+xkyqshMIfESETkCK8L/M05SiWDBwSmT5JD6:0W+uynB89Ty8z5SiMBwv5J

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks