Extracted

• • Target

    030c16ffccb55c4a06c3b93d11390e7b2c5b218e220594d45c9fb02f622b856c.exe

  • Size

    30KB

  • MD5

    a3ca0227df6bd50b5003370490c34291

  • SHA1

    4ad313dd3ffb98b09b64b60d7917e7a23f9215f9

  • SHA256

    030c16ffccb55c4a06c3b93d11390e7b2c5b218e220594d45c9fb02f622b856c

  • SHA512

    26c5b2d581d3b4fcb9a9de5b5788aad5a5aea1e565686238e5cc25a011bd6e99e80ccf78f09d9792182233059deb6e31164cb3282d014c5269e01411a1b4021b

  • SSDEEP

    768:pA+1wxzNk46+kBeNpTBZGPz4y/FL7BykIB:pl1wfu+kBeNLuZBykW

  Score

  10^/10

  snakekeyloggercollectionkeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2