Extracted

• • Target

    3c5c50b3ba1fb0a871e832829b9464f2d26e67d4cf99da936b1642663173fd11.exe

  • Size

    943KB

  • MD5

    8a957444b30bd6f6d4045b4633cdcb06

  • SHA1

    5a93c152c9c461fb72df00b5fd1e05bb9b152015

  • SHA256

    3c5c50b3ba1fb0a871e832829b9464f2d26e67d4cf99da936b1642663173fd11

  • SHA512

    738b25ae595316603546f7214aa14b9b22e198a4336e921d42b88f28154bc2f64017bc30c8924dcbd3d6d4704793a2c44eb8dd607e81b69a5b41fb519ac32cc1

  • SSDEEP

    24576:mu6J33O0c+JY5UZ+XC0kGso6Fa2VBuKeueWWY:ou0c++OCvkGs9Fa2V0KeuiY

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Downloads MZ/PE file

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2