Extracted

• • Target

    613308a9ef0289f190c7f9ba6dac4209a93fcbda05d893716a6b40e6167102fd.exe

  • Size

    331KB

  • MD5

    d5fc299eb2708903f3132b09af1ebdbb

  • SHA1

    003efab8f439255094d2b8c63e096682509afb4f

  • SHA256

    613308a9ef0289f190c7f9ba6dac4209a93fcbda05d893716a6b40e6167102fd

  • SHA512

    e8577a48ffee301f2eebc13e2b784d65791dc477d1ff2f0fb761cc0a8d999eef024e8c37b74d070de49fb4538b32227e594e446c19ed4dde85e2f1af29326f20

  • SSDEEP

    6144:ju9K5wR27SQn21/bFSj85xl/B2XiYVDc6q40YBgjMRbtvs:ju9K5d7SA2jS0xviiYSfwM

  Score

  10^/10

  snakekeyloggercollectionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

  • Detects executables referencing many email and collaboration clients. Observed in information stealers

  • Detects executables with potential process hoocking

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2