Extracted

• • Target

    CVConstanzaMaranon..exe

  • Size

    662KB

  • MD5

    e47f2d9717d088dea7b10a92b1750d84

  • SHA1

    e85ae1f39df03fff301835728ace331d84bdffba

  • SHA256

    7c79eb411ed860b232dbb4b7a63f08987b1caca1103e668185571a0c45d32de6

  • SHA512

    14cc4e298f60d159a11a9bf349e183334efddc3cf220c54f9c0bcb9d60e5745e0b1d24105072cf7c1ced80ce860d5131f1260767370d4803a4a3a97cac507b26

  • SSDEEP

    12288:0qGih5k3RIDdoAxMNqJLctHD7fC6Mt0/mbzhjC5+:m+5oRIDa3tjPMtqB

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2