Extracted

• • Target

    539ee7af02fcbd28659831dd774581f76ee66ca6238d12af286158f2f343f3b8.exe

  • Size

    2.1MB

  • MD5

    022dbaa1df24d488b03ecb058a521613

  • SHA1

    9f12948c741b6b27cce58d4cd804a2f988feddf2

  • SHA256

    539ee7af02fcbd28659831dd774581f76ee66ca6238d12af286158f2f343f3b8

  • SHA512

    1d23c5d6a8b384e2c746865da221a14d6cb7f9260597c4785ae527798e9215027bbc089b5214389ff2bbae180ba6cbec547df6c5d901ff6a56d2fb4909e50880

  • SSDEEP

    49152:0l328U2yfZrnJhlp9tHfYoEaTSiz23THT3WSMpDgF/qB0Rj6KIeVSc/zui:a30DfJJhX/LEQkF/qBk6K2c/ii

  Score

  10^/10

  snakekeyloggerdiscoverykeyloggerstealerupx

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2