Extracted

• • Target

    Documenti di Spedizione AWB_5771388044.exe

  • Size

    956KB

  • MD5

    fa3d6390bb87448cc33cadec460e06ca

  • SHA1

    6366ce303561a46b5893f14e78458d68b58f1289

  • SHA256

    40de7a4f28d65cd030aa0a65d22b32b812bffbfd66b959a4cc5821677a9e6b77

  • SHA512

    6780888b14b71c176ccd307b11910b067ea73d1fbfca654556e9708db3dccc42bd4d9d4b727e3b9db9d6a8751bf1a3aba6f7500190e0da833195da9758ef551f

  • SSDEEP

    24576:wu6J33O0c+JY5UZ+XC0kGso6Fa71MBvlIWY:6u0c++OCvkGs9Fa71MdlY

  Score

  10^/10

  snakekeyloggercollectiondiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Downloads MZ/PE file

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2