Extracted

• • Target

    document.exe

  • Size

    548KB

  • MD5

    682e0e22ac2f06d26d24cac1769e1b80

  • SHA1

    1302dd34b80e32415baacafecdfe31d61d0dd563

  • SHA256

    51d366ab87eb5988f96d068d503d21b801b5df4535b8851364e56cbacb8fab82

  • SHA512

    083c2225192987117d84bbbdbca228937f570fe31ca90aaff3a8cf6b4c1822a1b39523424723bc596056823c338cd7db193777b36487cf732bb526176935daa2

  • SSDEEP

    12288:/BvLTWCL5Bj6NdVFB2dDG8DLh3g1prEPwdOC18:RhTmNFB2f2bJfG

  Score

  10^/10

  discoveryexecutionsnakekeyloggercollectionkeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Blocklisted process makes network request

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2