Extracted

• • Target

    Payment Slip_SJJ023639úPDF.scr.exe

  • Size

    163KB

  • MD5

    7437a3e4149fcbeae7a68758b2834986

  • SHA1

    a799bf651a1c4c0d9ec705b6e1d9ae5903fb1546

  • SHA256

    27ffcd71286d5f2f958df742165ff8995288de83072b65d6415d1ed8db0a3aba

  • SHA512

    7576dba8a912ac7ca61165285008a13eb8f69544de4e6f663e578ef14250f58296a78831d8a1f70752ac8d042d71b0dc2cd59217ccb2efa14df3a92dc1b1da46

  • SSDEEP

    1536:GpuePk4jSYamBPGoy9lKPwMYtryr3B+oc5PpLciER4xD7HlrDh6zJT/+GXWprEB3:VTY690ppQKUD0zJTmkWpAay4kzwOCO

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2