Extracted

• • Target

    e080f9706527c90237f613bdb674112e2b5a6e2e14138498dc31397661fb7efb.exe

  • Size

    1.1MB

  • MD5

    e82db51cc781d6b53a1c430334237d8b

  • SHA1

    8631d3b51ad60a2172686bdca75230db1d4d980b

  • SHA256

    e080f9706527c90237f613bdb674112e2b5a6e2e14138498dc31397661fb7efb

  • SHA512

    b191c4a30b68cb840f28e043c9237c0f536703096f2021716480adff82b8e53c0342d95668e6d5f3e766801cf03fc39277af4916a7f17e906de5b806e7996dcf

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLnkIPciTUDAfsPKSqS+7:f3v+7/5QLbPBXx97

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2