Extracted

• • Target

    94ed0ad698b1470d7364636ff6aee090N.exe

  • Size

    679KB

  • MD5

    94ed0ad698b1470d7364636ff6aee090

  • SHA1

    78e39c6184a2bcc9ec33f95c6b79cab3ca86d5ff

  • SHA256

    3677cf4420ea109838c13c5ee7998a664faa088b70c1c6c211bdabc6e1ef1fa8

  • SHA512

    dd0eef9c8e7bdf570402d6fdcc94e67ad23e4988f1aa72475835d5e96a9c8f92ad75d8a49508afd0be34674ca7aa3e01cde0c54f9a6dec487885e0d82c4d529c

  • SSDEEP

    12288:6sHzOUNUSB/o5LsI1uwajJ5yvv1l2BTOx7AACuYz4fMmcO0:tiUmSB/o5d1ubcvGuYsfMmB0

  Score

  10^/10

  snakekeyloggerdiscoverykeyloggerstealerupx

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2