Extracted

• • Target

    inquiry#1523.exe

  • Size

    82KB

  • MD5

    af2b325becf3f12462529b961699557a

  • SHA1

    88da506a656c9ba9615e4134234084bd5c6c086f

  • SHA256

    365b8dab76c07e3c7ea3cd4a9d683265db5210b6b9a30e9dc520f358b829d30d

  • SHA512

    114e5bae2cf466ae6d7ace9728cac19e738dd5aa532df07b082d42fab22b7a2f286a606a6c476d4cbbea6c8f14804e300ca0e76d634e75ba22c0a8fecc6dad96

  • SSDEEP

    768:v632KhVO49eYJBvmCcQw5cEpYinAMxEP:ymKP9JBvmnQG17HxE

  Score

  10^/10

  discoverypersistencesnakekeyloggercollectioncredential_accesskeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2