General

  • Target

    d702b465244361115b6974367ccf702d_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240909-ytq9xaxdmr

  • MD5

    d702b465244361115b6974367ccf702d

  • SHA1

    7fc0bdc13c6dc3f9a6faeb11a2223b94f2c7fa6a

  • SHA256

    9db30166127dd97862c8483553a059c0e29fa53b50ac17926b1eef55b63aa24f

  • SHA512

    8e4794ba37886445037ed300d1d1154a3f5768472baf02d94c1795344e6db6bf52836f4ca452b27cc714bf688664084d6ffaa14ba2c2ca1aaeafbcc9e528f9a7

  • SSDEEP

    24576:Sc+EINin0zh1YT3q+iSoSHYB15+CMdtnn0bLFbT7fL1SLaTUdKV:SRhon0zva3Wh1UL0bLpT7fuKV

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

Targets

    • Target

      Updated SOA#8203204927107#.exe

    • Size

      2.7MB

    • MD5

      6f8faaa0b38d96d6a22e77ef6bb92c5e

    • SHA1

      5fb6a749371864c0a0a4c5be6faee65385126976

    • SHA256

      89f1983ad923c2485a4b4e06b168a096546d35fd90e88d26485756a37fc4a829

    • SHA512

      5c2207467d8b530f86c9d1140fe807d93ff5bbe536c2cb07ce125dc55a2409378dd7fbcbc6bddb0a09d6d0db51a727d075e1bd922b2f230489d20386c93aa241

    • SSDEEP

      49152:soZ0ajbQzlq5O+l4QOnn8jeX+l8uvlhfNf5lWLPNyeL9+hw/USGy7Xk/51HwgG9d:xX0zlC6mt98S2mnwQ1a7r

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Beds Protector Packer

      Detects Beds Protector packer used to load .NET malware.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
