Extracted

• • Target

    2385bc1316c82968a13b95bb465c19f7675a6d3504fc3b8c028c00d7acbdc022.exe

  • Size

    910KB

  • MD5

    d70ae089068975f5c914ba70c40c3527

  • SHA1

    b0a81c280689f14bfa4d499955c80155e045e662

  • SHA256

    2385bc1316c82968a13b95bb465c19f7675a6d3504fc3b8c028c00d7acbdc022

  • SHA512

    532dd387f2a6757185aa6da0983d71277c2a7d9774482f27ba6d55478a7035df8b911457523569151be68e45ca6ee0e3a1f3cbff1eaab7d8126454a204532697

  • SSDEEP

    12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLlYQbt2C5QgjUPlNn/pPkJ6GPGC:ffmMv6Ckr7Mny5QLlZbL2gQPl1mJXP5

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2