General

  • Target

    Shipping Documents.pdf.arj

  • Size

    788KB

  • Sample

    240916-nx72qawcjr

  • MD5

    c98b00c93466dc0b283d7c1d5871a39d

  • SHA1

    197c9bebd6b5ca89c6548e706574134a7511d22d

  • SHA256

    9633897157818f56c91c4300139857c51a20ee4aabb79ec3dc828d7ab84b99c2

  • SHA512

    e385f079186e2f3dc5f1c5d81d6921ba3abe48327eaeaeaa46ce503e3834762a4aebacf9aabebf6160a7c0208f7a29018952b7a2614f727523392d8576e3f523

  • SSDEEP

    24576:WBWHO2D1lIp46nxHVd8PMPXWw7Gfrm8E71fWT:WBt/Bj8PyXxGfLEoT

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      Shipping Documents.pdf.arj

    • Score

      3/10

    • Target

      Shipping Documents_pdf.exe

    • Size

      1.3MB

    • MD5

      52d5a83500d97289b521d9198e2fc7b1

    • SHA1

      ff54ced5e26f13b4ccf460a7374161de6457f7dd

    • SHA256

      0cc5b183c0c6db7ef329d897da4bcbdfdd8833131e486f7f81636789d6f8d63b

    • SHA512

      95dab98bb8e8599ad3d2434ba6d5a1c1591410a603d64d1e2431b08f74df003b665aeb1bf89cf0b3a0a3da136a65cdef97e18f6992688ed6409fa7658e1b6abe

    • SSDEEP

      24576:BqDEvCTbMWu7rQYlBQcBiT6rprG8aM1B6f5B5hmg9LWLahN0IW:BTvC/MTQYxsWR7aWB6BrhmJ

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks