Extracted

• • Target

    doc22042119500.pdf.exe

  • Size

    1.0MB

  • MD5

    70f47b02d8f79ac207da3ee5d4eac29f

  • SHA1

    a170afcbce17ab9471069728d88dc2a1f9229cd5

  • SHA256

    3bea986bab8cae3a2a1f7ccb0cd948a4c72cd6ea55b7169948594f6c64f2f5ad

  • SHA512

    39f2470c2f3b7865227777e5182d5c34660b247824dae39eced2800c9873e87380ca935b4fdd63221bd408c57cd43d46a56abd047b2effa9bed63f59a2f7e227

  • SSDEEP

    24576:Gu6J33O0c+JY5UZ+XC0kGso6FamBSyrDRFCgWY:Iu0c++OCvkGs9Fam0ypWY

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2