Extracted

• • Target

    Swift 01_USD Invoice#366801.exe

  • Size

    1003KB

  • MD5

    eb2d676e2d60e8b4b3191a8cfd6fa80b

  • SHA1

    5363e9a1a55b1449c78db906ed251200542b2692

  • SHA256

    4dee81dff39ea19eb98c7e2a3be1dcce934b7104b318f4811e89ccdbb6e92c3f

  • SHA512

    e9d3655258645527d3ba9fbaf28880eae39cdd1623330e9ca49c5346fa70851b51277d21a96f743fb19db66dd8d1a5b6722a0b787bf54fb97288126ac249f27e

  • SSDEEP

    12288:otb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgawTJCETcuA4tFt6A:otb20pkaCqT5TBWgNQ7aIJCb/4Ht6A

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2