General

  • Target

    PackingListU0190219xlsx.vbe

  • Size

    14KB

  • Sample

    240920-q5nn6azekr

  • MD5

    48d02287f3c633ccf96c6f01acd5ca9f

  • SHA1

    2ad6405243f648937727731608d638c495b2fe46

  • SHA256

    e575a3ecc136ad114643bbd7beb2ffc3d5550fa66955bd2c8f4ef4394e11dc87

  • SHA512

    4835bb0f03bfb204e3aba46957af08f02889f7b43c60017151eafc479ba47e6ab50f6caec9cbb07cce4a6a600e6f7c576068d300e65bf762d7cf3cc59673d3c7

  • SSDEEP

    384:GA79Z5lXWUBFplgtfcQ///y+KAhxF2asn:Go5lXH9atx//N/TIn
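Before analysing a copy of this sample, confirm it is the same file the report describes by recomputing the hashes above. The script below is an added example, not part of the sandbox report: it streams a file through hashlib and compares each digest against the values listed in the General section. SSDEEP is a fuzzy hash that hashlib cannot produce, so it is reported as skipped rather than compared; the check against an in-memory byte string is constructed for demonstration.

```python
import hashlib
from typing import Dict, Iterable

# Digests copied from the report's General section (file PackingListU0190219xlsx.vbe).
REPORT_HASHES = {
    "MD5": "48d02287f3c633ccf96c6f01acd5ca9f",
    "SHA1": "2ad6405243f648937727731608d638c495b2fe46",
    "SHA256": "e575a3ecc136ad114643bbd7beb2ffc3d5550fa66955bd2c8f4ef4394e11dc87",
    "SHA512": "4835bb0f03bfb204e3aba46957af08f02889f7b43c60017151eafc479ba47e6a"
              "b50f6caec9cbb07cce4a6a600e6f7c576068d300e65bf762d7cf3cc59673d3c7",
    # Fuzzy hash; needs the ssdeep library, not hashlib, so it is skipped below.
    "SSDEEP": "384:GA79Z5lXWUBFplgtfcQ///y+KAhxF2asn:Go5lXH9atx//N/TIn",
}

# Map of report label -> hashlib constructor name.
_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute every supported digest over a stream of byte chunks in one pass."""
    hashers = {label: hashlib.new(name) for label, name in _ALGOS.items()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {label: h.hexdigest() for label, h in hashers.items()}


def verify_digests(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, object]:
    """Compare computed digests to expected ones.

    Returns a dict label -> True/False, or the string "skipped" for
    algorithms (SSDEEP) that this script does not compute.
    Comparison is case-insensitive because reports differ in hex casing.
    """
    result: Dict[str, object] = {}
    for label, want in expected.items():
        have = actual.get(label)
        result[label] = "skipped" if have is None else (have.lower() == want.lower())
    return result


def verify_bytes(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, object]:
    """Convenience wrapper for in-memory data (used by the constructed check below)."""
    return verify_digests(digest_chunks([data]), expected)


def verify_file(path: str, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, object]:
    """Stream a file from disk in 64 KiB chunks so large samples do not load into memory."""
    def chunks():
        with open(path, "rb") as f:
            while block := f.read(65536):
                yield block
    return verify_digests(digest_chunks(chunks()), expected)


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-sample>
    for label, ok in verify_file(sys.argv[1]).items():
        print(f"{label:7} {ok}")
```

A result of False on any digest means the file on disk is not the one the sandbox ran (a re-encoded or truncated copy, for instance), and the behaviours listed on this page should not be assumed to apply to it.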

Malware Config (extracted)

  • Family

    snakekeylogger

  • Credentials

Targets

    • Target

      PackingListU0190219xlsx.vbe

    • Size

      14KB

    • MD5

      48d02287f3c633ccf96c6f01acd5ca9f

    • SHA1

      2ad6405243f648937727731608d638c495b2fe46

    • SHA256

      e575a3ecc136ad114643bbd7beb2ffc3d5550fa66955bd2c8f4ef4394e11dc87

    • SHA512

      4835bb0f03bfb204e3aba46957af08f02889f7b43c60017151eafc479ba47e6ab50f6caec9cbb07cce4a6a600e6f7c576068d300e65bf762d7cf3cc59673d3c7

    • SSDEEP

      384:GA79Z5lXWUBFplgtfcQ///y+KAhxF2asn:Go5lXH9atx//N/TIn

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to discover the infected system's external IP address.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks