General

  • Target

    Quote_106_063.vbe

  • Size

    11KB

  • Sample

    240904-qlbv9asbkd

  • MD5

    2f7e74b698bd48fe873018a6304eabe5

  • SHA1

    a561aa743006d13d5733aaaf63220d86a2438b53

  • SHA256

    857017abf4a3e0d9acbcffdb6dd10021cfb978f808c30931fd09a78f9c4a902d

  • SHA512

    297b03ed294f0061ce157ebe278c9eb2cae4e91d30e30810b41f4559ff373eb61a333f297a4a24699d5289048d668a7fc0dbcd16b270851e48a39293af9522d6

  • SSDEEP

    192:d11I/jLXBasxp+Srh/vA0XsBDBvbpXfp1mufjqd/bznUc7gOVdvsvzeNlek5MCWb:X1I/jLXHxp19/5WFvbBp1muLqdzzxJVo

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

Targets

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
