Extracted

• • Target

    Nuevo pedido N. Z21239.exe

  • Size

    943KB

  • MD5

    b0f8780c47cb2f1dbfff0746f71124a7

  • SHA1

    d891f8246efb54f7020b39c0787f1fc656326ac7

  • SHA256

    a033bd54a83b5d3e5734514f69120d9ef835533ae0a64aea48d98f3bccb42be4

  • SHA512

    b0ff180cc232f86c55085adf7553b9d5777326dcaf54e766b2efd060886be05457f0d282019fe6168674c33c55189f221f7753f9f7e2b7f12ce3fbf73a8327ca

  • SSDEEP

    24576:Ou6J33O0c+JY5UZ+XC0kGso6FatAAbS51WY:Au0c++OCvkGs9FatcuY

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Downloads MZ/PE file

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2