Extracted

• • Target

    e-dekont (72).pdf(~56 KB).exe

  • Size

    95KB

  • MD5

    ad61c5c16181fe8ce8fe58ab4bf3d15d

  • SHA1

    656ccb4712cb709b217da2341e3f6069caebf0fb

  • SHA256

    e7c828d9806cfaaa5251e8dfd14b76835a2e8f661ad392de85c6a93059202f40

  • SHA512

    1c5c1f58177daf6744b85cfabc8d5c55b6669bee5acb1e3d64f83695a044a617f6b9d3bf0a21824e3d8ef09ee397dd77cfb01f3066a709c6ca8300dc00167ba3

  • SSDEEP

    1536:lweD62hOc0LT1v7dmsRKEn+s0MP3p/dnfkNH+zORM2k6dRQcWmyzdBdreJAXb4+i:lweD62hOc0LldmgN0MPXoMl63VypeJWI

  Score

  10^/10

  discoverysnakekeyloggercollectionkeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Drops startup file

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2