General

  • Target

    Enquiry209350000.pdf.exe

  • Size

    102KB

  • Sample

    240924-lfsvcsyhlj

  • MD5

    b06f18a6a86086531bc9861b2cf253ed

  • SHA1

    8b87b70c406cc41250eda6cb433505021ff23a75

  • SHA256

    45b72ba1c5edd19744f66a0ce66096eb680576a96fa3ac7ab0ad7d2483f8f330

  • SHA512

    6111ebf5d65b561d4d54990f1044bd6730dcb8b3edd806ec89c1004abd9b774d8c3b55867334cb36e39e3ae99d828c3a767acf443394f2342cca10901598a39c

  • SSDEEP

    3072:IISVIPM8mI8yrQeT9YFDaNUTTYR0iyW88SvovU/s:IlVIPM8R8yXT9saNOTYR588SO9

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks