Extracted

• • Target

    Soa.exe

  • Size

    940KB

  • MD5

    32c473da08e7d07464f3632f81792436

  • SHA1

    690988213510ae6cb1b03306c51e408670e8c4c4

  • SHA256

    7c8fefbe9b0778ca074d9c110d8c9bd875bdb08eb9fdc697c395cf6aea5581c4

  • SHA512

    acf354ec39a72d5142a668cfc451e2fc80668a6193d324991b90fe811cee19f7a8bad015fa9a99ce708d2d402810660e6d5759b3bc2d74f44379c86f832ed310

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLcFv7lpvrt6FNJiMSn:f3v+7/5QLKvppvJ2M/n

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2