General

  • Target: ea843fea68d8b5260df990e02a53c9c5b6a5b09370ab6be6ef80182e36b16826
  • Size: 896KB
  • Sample: 241103-gkvgjaxaqr
  • MD5: 826bb522c1f84180fc5c919cfbaba188
  • SHA1: 2453ebbbd8f774a7c1ad8fe1fcca8890a6174743
  • SHA256: ea843fea68d8b5260df990e02a53c9c5b6a5b09370ab6be6ef80182e36b16826
  • SHA512: 628a95c15d19c048654299ad171412bd9350e4c24790eb5f3e61bb09bb6522b8368c7183bc1229af708a776b9a55712e32702a7159b5904e72afa68dee705298
  • SSDEEP: 12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLoehurbKNfnOUH9Yrm26VzgvPwmwh:ffmMv6Ckr7Mny5QLoEu+fzWP6lmK

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://scratchdreams.tk

Targets

    • Target: ea843fea68d8b5260df990e02a53c9c5b6a5b09370ab6be6ef80182e36b16826

    • Snake Keylogger
      Keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Snakekeylogger family
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • AutoIT Executable
      AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext
