Extracted

• • Target

    INQUIRY#46789_JULY24_Waagner-Biro_Bridge_Gulf_PDF.exe

  • Size

    596KB

  • MD5

    bf3859ec3e62336825a3a771cab003d7

  • SHA1

    b1b10e05ee0ad49b262e187a1e72d806c2b801df

  • SHA256

    3ae42a57533de246fd315e146064cf3fd9b466e0450b891298cdeb79ffa44d24

  • SHA512

    e23aa6f95903b1b9bca1149b5cd2f9a53050c58639df03eaddaae87b134cad3601f9aaae7946e943730f3022c3fa6649dce5735f3148a205d529ae18337fce52

  • SSDEEP

    12288:9r+oHDm3BygOebEJvhqHr6qJZrm7JHp+NMRN+p/wRyTooYkxiNtu:d+wDe9OeOvaeb7iytu

  Score

  10^/10

  snakekeyloggerdiscoverykeyloggerpersistencestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2