General

  • Target

    tax-invoice-0711.zip

  • Size

    515KB

  • Sample

    241008-pvnezaxfkl

  • MD5

    ae57b32dc1506af53e8afd3c3342d904

  • SHA1

    b20058ba2b0ba35e1d77ecab4b75affe6f0914ce

  • SHA256

    d275df9764628c52330d1cfcfe1e3c3eba4b29d536c825515128be883158c653

  • SHA512

    ae124c9b22227d064cdf2772f49069eaaff496875909d7a1e6b679caf169a67531a943d6494dcdd178bc996b56abc566e1bbbb77c82887cebfbb55b6c3e51afb

  • SSDEEP

    12288:Ty//fZq2N4BMeTSoUzs/mWQtdeaz/6HmrW1RmVlI5:Ty//TYMEShzoyreajQ0I5

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot6515689087:AAEnerpIS1xuf83Wz7mf2-PPkvlmor9Mt7U/sendMessage?chat_id=1015404316

Targets

    • Target

      tax-invoice-0711.exe

    • Size

      526KB

    • MD5

      d25d303ca9ec88e005cbab9f35d4d210

    • SHA1

      3c037df248b5b25e139cc7fc6142e6cd371446a3

    • SHA256

      dcf3ebaa281f05217097685b485ab9b56711ed87679cf755ee82ebfa4479c01e

    • SHA512

      fe416e58f5f32c7807bba84bd3c33376130a841e89afc7b4c3fd10d38c779d1fb1636a4f85501d69e99e8b9aca06ec65538667daa64ccdb259522e584feb00c1

    • SSDEEP

      12288:xf0D4BQWzdAUxsfSWSLne4ZdzkpnRmkYwhX83X4Nu1jW:xhQQZxmoze47KRmkYwxmXk6S

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks