General

  • Target

    b1ca4dc79c3ef98789267e703748ac340aa6f84178f7f477e7214f5bbf0bbd78.exe

  • Size

    990KB

  • Sample

    241126-dqsy4sxrdk

  • MD5

    9a4fb2a5a118c7d3feafaf6d439ff40e

  • SHA1

    ffcff130146653cb19addcbba99f90ef07881ad9

  • SHA256

    b1ca4dc79c3ef98789267e703748ac340aa6f84178f7f477e7214f5bbf0bbd78

  • SHA512

    dffdd1031bb2c592c2d58679c63eb623fe7930e348094e15527eb13a66ca5a49f439bd91ca411ec5d590e7ff0c59a6d27b3629daeca687be6ccaeabf5820e017

  • SSDEEP

    24576:ptb20pkaCqT5TBWgNQ7aAAcsRq68Eoc26A:6Vg5tQ7aAA+3JH5

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot7578088265:AAHvd5E9MBWeIBV2JVvDWdTRg0KYKBSK8MM/sendMessage?chat_id=7365454061

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks