Extracted

• • Target

    Bank_details_01-10-2024.exe

  • Size

    609KB

  • MD5

    908b4e01217aea4b8b79b4bed2778526

  • SHA1

    1cb803445bf5cf45d608cc20d767db119fe8a16e

  • SHA256

    a9ea13804280c4066a8e1129f82dd18af7f820cf8bfca8ebe2231173065532f5

  • SHA512

    375007b923f46d90a3505da9109066d82a8558447d2a6278624f74024950c8a9534bc11267a3c0f9f8ef8893d86446b15d13037e5147f71b31acda2a9149dd73

  • SSDEEP

    12288:qpp/rwcqyHEPTlP1opk+fD71G0w/NrpTMgerXkR:qptrtEPpdodfDovNrWLC

  Score

  10^/10

  snakekeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2