General

  • Target

    SGFDPPIOPP.exe

  • Size

    1.3MB

  • Sample

    250120-qvphps1qel

  • MD5

    991e5c99125ba67d0dd87ec449c78ad7

  • SHA1

    b197e14f20236da5ff190da8f73ec595a54d44d1

  • SHA256

    d49b14dc92b8193db3e087bc2ed25f155c195f8f47774da85bf84a45716a473e

  • SHA512

    0a0bf9d72d9e7d051f55d1a773a8e7e0511e64d37e71d0e33d25c609f1626e2c7af12bf3359025e97c1c71fdf64f8885863b932607b2089f45ad67100b4108d8

  • SSDEEP

    24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8axfwTWK6F1791YQ9i4Opu/2D9f:+TvC/MTQYxsWR7axfVK4V9Hh+D9

Malware Config

Extracted

Family

snakekeylogger

Credentials

C2

https://scratchdreams.tk

Targets

    • Target

      SGFDPPIOPP.exe

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks