Extracted

• • Target

    a7973a17712bb6def98c296393e3161073714539744d2b0f6e7b115fe8f05128N

  • Size

    361KB

  • MD5

    787ea6002e86cb8b3c7b4a4c0060c500

  • SHA1

    017ac6ff804196bb686fa0c73ca6a4766b6f555b

  • SHA256

    a7973a17712bb6def98c296393e3161073714539744d2b0f6e7b115fe8f05128

  • SHA512

    a095742146b74732ca8e55ae376da3b0bb40ae18f9c19beba73649ae45bbcea5495811f3e34270b68e583921b7ce52355b9370023cdfd3f79d592d503f2bdb9b

  • SSDEEP

    3072:m1Did/y4BPIqk2gh6iP40nP05w+VYuyZ:qid/9V

  Score

  10^/10

  snakekeyloggercollectionkeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2