Extracted

• • Target

    Purchase Order 24398.exe

  • Size

    587KB

  • MD5

    9f9e89382132182cde0649f42b2b3d48

  • SHA1

    31f54a2f7211f87081ce0ace0ba877c44ec07498

  • SHA256

    f68aec391b587697af9129486e056f79d09618af911b62278e4a9cc7083daf90

  • SHA512

    00410d6bc5043591644414b9b3a8ea83e6063e84a0bd9aa9da46d560a289c1a2bed2bde147f99b580dd6329eb180fc3d69796f432b68c1dc6d9c0f898d3e5b3b

  • SSDEEP

    12288:QAWa+Mv+9MnaG/DlmlGLEHWUlaWuDVfrU/kpkqvdxovK+m:iY+OnhJmscWiavVrgkpkqvdxoid

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2