Extracted

• • Target

    dekontu.exe

  • Size

    1009KB

  • MD5

    5758229f9353e837db35d9556f8c30cb

  • SHA1

    424e24f9de8e1c014d19772ec4c052820c3e36e4

  • SHA256

    9cf2882c93d6ab624569666974837d2f910412e2e5fcd66f62e655a7448bc693

  • SHA512

    bc807007ff2fb7559345310456a81dade83bfe925c7aa896a46d9394124c531adfe9ef387a7cb94c5d3788d4bac1669131d4884725163b1f94e29b760fe97874

  • SSDEEP

    24576:zu6J33O0c+JY5UZ+XC0kGso6FaDBSRT8n7LvoAWY:du0c++OCvkGs9FaDBSRTgXvSY

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2