Extracted

• • Target

    8038.exe

  • Size

    938KB

  • MD5

    474fe2de28e815dcd525a3189150c7d8

  • SHA1

    9d854ffaaac15bf2d135feb419a1de6420ce5f67

  • SHA256

    1d80a3621d8d936a6a5d902ff6158705b950346031b233274b9707a6e430df3a

  • SHA512

    606eae85305cd7a2ec6c577afe7af6a852400a89c133912c6708ec4a16440ef191f2fde657ae893ef927104c847d4cb8bf037441b5012e52be5ee62089f43cce

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLQdw3Zi4OfCvltztQgI:f3v+7/5QLhJAfCvl8v

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2