General

  • Target

    08906dbeb1ed27f70d9df7b816ec1ac1549b13be10fb9532cf83dd45a135909f.exe

  • Size

    1.1MB

  • Sample

    240924-bdpptavgqc

  • MD5

    4c97fbfa4b78e38b1c65cf52d9d00634

  • SHA1

    c8aee94638edc06f4ea0de2bce573fb9066bab56

  • SHA256

    08906dbeb1ed27f70d9df7b816ec1ac1549b13be10fb9532cf83dd45a135909f

  • SHA512

    3755fd62c79ed863aed66bb3302d0d3d83feb3640447facbf191c7480e013799bbb540f0052fd10b6693918bfba528ba1b0b716ea4fa446ccc779fa7d9db83ab

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaCHDj0HLEihmcPTdZH:7JZoQrbTFZY1iaCHDoHl8ETdZH

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7325762278:AAFPrMvoiNNZ5rT_5Kz3dP1guR4ZEPdF-9A/sendMessage?chat_id=5692813672

(Exfiltration over the Telegram Bot API: the bot token is the "bot<id>:<secret>" segment of the path and the destination chat is the chat_id query parameter, both hard-coded in the sample. Treat the bot id, the full token and the chat_id as indicators. Blocking by hostname alone is a blunt tool, since api.telegram.org is also used by legitimate Telegram clients; match on the Bot API path pattern and the originating process instead.)
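The following is an added example, not part of the sandbox report and not tooling from tria.ge or the Snake Keylogger authors. It parses the extracted C2 URL into its indicator components (bot id, full token, API method, chat_id) and then applies the same parser as a detection rule over proxy logs, flagging any Telegram Bot API call from a process that is not a known chat client. The log lines, the "timestamp host process url" log format and the process allowlist are all constructed for the example; the parser generalizes to any Bot API URL, not just this sample's.

```python
"""Parse the Snake Keylogger Telegram C2 from the extracted config and hunt for the
same exfiltration pattern in proxy logs. Added example, not report or tria.ge code."""
import re
from urllib.parse import urlsplit, parse_qs

# C2 URL exactly as extracted in the report above.
C2_URL = ("https://api.telegram.org/bot7325762278:AAFPrMvoiNNZ5rT_5Kz3dP1guR4ZEPdF-9A"
          "/sendMessage?chat_id=5692813672")

# Telegram Bot API path shape: /bot<numeric bot id>:<secret>/<method>
TG_BOT_PATH = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)/(\w+)")

# Hypothetical allowlist of processes that may legitimately talk to the Bot API.
ALLOWED_BOT_API_PROCS = {"telegram.exe"}


def parse_telegram_c2(url):
    """Return bot id, full token, API method and chat_id from a Telegram Bot API URL,
    or None if the URL is not a Bot API call."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = TG_BOT_PATH.match(parts.path)
    if not m:
        return None
    bot_id, secret, method = m.groups()
    return {
        "bot_id": bot_id,
        "token": f"{bot_id}:{secret}",
        "method": method,
        "chat_id": parse_qs(parts.query).get("chat_id", [None])[0],
    }


def find_bot_api_exfil(log_lines, known_bot_ids=()):
    """Scan 'timestamp host process url' proxy log lines (constructed format) for
    Telegram Bot API calls from processes outside the allowlist. Each hit records
    whether the bot id is already a known indicator."""
    known = set(known_bot_ids)
    hits = []
    for line in log_lines:
        fields = line.split(maxsplit=3)
        if len(fields) != 4:
            continue  # malformed line, skip it
        ts, host, proc, url = fields
        c2 = parse_telegram_c2(url)
        if c2 is None or proc.lower() in ALLOWED_BOT_API_PROCS:
            continue
        hits.append({
            "time": ts, "host": host, "process": proc,
            "bot_id": c2["bot_id"], "chat_id": c2["chat_id"], "method": c2["method"],
            "known_ioc": c2["bot_id"] in known,
        })
    return hits


# Constructed proxy log for demonstration; the second line reuses the report's C2.
SAMPLE_PROXY_LOG = [
    "2024-09-24T01:22:10Z WS01 telegram.exe https://api.telegram.org/bot111:AAAA/getUpdates",
    "2024-09-24T01:22:31Z WS01 08906dbeb1ed27f70d9df7b816ec1ac1549b13be10fb9532cf83dd45a135909f.exe "
    + C2_URL,
    "2024-09-24T01:22:35Z WS01 chrome.exe https://www.example.com/",
    "2024-09-24T01:23:02Z WS02 svchost.exe https://api.telegram.org/bot999:Zz_zz/sendDocument?chat_id=42",
]

if __name__ == "__main__":
    ioc = parse_telegram_c2(C2_URL)
    print("IOC:", ioc)
    for hit in find_bot_api_exfil(SAMPLE_PROXY_LOG, known_bot_ids=[ioc["bot_id"]]):
        print(hit)
```

Run as-is to see the extracted indicator and the two flagged lines (the sample's own request, marked as a known IOC, and an unrelated Bot API call from svchost.exe, which is suspicious on process alone). The rule deliberately keys on the path pattern plus process rather than the specific token, so it still fires when a new build ships a fresh bot token.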

Targets

    • Target

      08906dbeb1ed27f70d9df7b816ec1ac1549b13be10fb9532cf83dd45a135909f.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIt Executable

      AutoIt script compiled into a PE executable; the compiled script acts as the loader for the dropped payload files noted above.

    • Suspicious use of SetThreadContext

      SetThreadContext is used to redirect a suspended thread's execution to injected code, the usual last step of process hollowing or similar injection into a freshly created process.

MITRE ATT&CK Enterprise v15

Tasks