Extracted

• • Target

    INQUIRY SPM-2412547 [W_ID36-61442].exe

  • Size

    1.1MB

  • MD5

    064a3d834a62d73b76d9c91e36b98e05

  • SHA1

    c036160cb0ff789a41b21a75b4fc47cd718f49bc

  • SHA256

    b821ff32a1b0314cfa230a212103305d18695e4c95e3d94fd69097db8019833c

  • SHA512

    9d65b5f225261e764f74db0755bad4156cb5c3fd897510477945ca23fa220df324891b4a6719cd935196f3ae0186483a183bd5d7df461cd705863307337d7ebe

  • SSDEEP

    24576:9tb20pkaCqT5TBWgNQ7aExRr0EEFcdo6A:uVg5tQ7aExReFN5

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2