General

  • Target: DNXS-04-22.exe
  • Size: 868KB
  • Sample: 240502-gpqn5sag3x
  • MD5: 64932c473d74fbdfdb706a094543cf37
  • SHA1: f19b8960681b56cab45a9f14871108cf4d522251
  • SHA256: 8b9dedaa09d239667dd9cabe0c7efab61712868b32ebb3a50110df8980823ce9
  • SHA512: 1f662c50b378e5be0dc6faec894fb7266417b5ac2952583efdb6801f873bd5c52e3a6d8d001491ee668c1142456ef33d606f2be7be6749840ac819b70d0023dd
  • SSDEEP: 12288:y2iNzeWFm+1okFwe6N9LtinuoFZK4s5ehC3s5IrA6tN/uYiXdwsh:y1tRFm+1okFPOtT4OgC3s5IlNxi

Malware Config

Extracted

  • Family: snakekeylogger
  • Credentials
  • C2: https://scratchdreams.tk

Targets

    • Snake Keylogger: keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Reads user/profile data of local email clients: email clients store some user data on disk, which infostealers often target.
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks