Extracted

• • Target

    ungziped_file.exe

  • Size

    1.1MB

  • MD5

    294aa30e1d8387a1f810490c59907228

  • SHA1

    5d6b402745679b55132ee21e7f09909b57ddf694

  • SHA256

    bd359e9c378164ced9b83d3b0e76f94bda81911fd848b44aed89275ff7b1c314

  • SHA512

    024f6c6bf6e5d194789e0f1f556d9fa53531506e14078764c56a59a292237384984e13eb56d8cb76a8913e219ddb281bccb68898fb990dc271e0f95c074d3c3d

  • SSDEEP

    24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8a8zoYdLVBTA4dinbn:tTvC/MTQYxsWR7a8z5AGg

  Score

  10^/10

  snakekeyloggerdiscoverykeyloggerstealercollection

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2