Extracted

• • Target

    FACTURAS PROFORMA.exe

  • Size

    1.1MB

  • MD5

    43723b5f3929b4f27f20a1bef23d7382

  • SHA1

    97b115fafd165021ef7f2c8476a79c9843200f49

  • SHA256

    19ced3f729d628d8b5b44c4f5c508349ece2cf5a730ea8ea893f931b5325b336

  • SHA512

    c68e6edb9902127c03d93c524a62785d4f05ddc91bbba111f47a1f973a262100eb85675a7c6b56b9478256c41e03f75d5f3c2f9c2d4d9b724cb4a4e4f2c141a5

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLUgmGiA48NoTgLTTXZ92uufOCRi:f3v+7/5QLU5GiA4fkzXZguuTRi

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2