Extracted

• • Target

    PURCHASE ORDER PO 428 $ 477.exe

  • Size

    666KB

  • MD5

    8f87cc941a19f7866de8e0a39e27e892

  • SHA1

    fd1f0673716bd5ae106f02f49c7e5eb14a6e74ae

  • SHA256

    d07f3d05d91790637901f276b2b2a13ae4006768c22d9e6576a283a916530e38

  • SHA512

    f5fb87ed54a707a17f5883bd083b84dade1ebe866dd72af1e495b3bfc65f535bb5787f310b44b91fac2534131fc2f9ee978e040fcb4ef0ec0380763956e9c44d

  • SSDEEP

    12288:WKOlbxr0Zu0IO8DfpJ3j1V2Yw+iDMqQ/cEpxOyZ+cstDu2Zhrxtk+i6TIC:Fu/fpJL2cbqiYrAh

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2