Extracted

• • Target

    rlgh5walrVUMJyT7.exe

  • Size

    802KB

  • MD5

    420361f15c6b5f83e2116a38dfc30be2

  • SHA1

    667f02f4d72f15699a3438a48fe1a04b6d739332

  • SHA256

    ca24c73a0f1820042d015e2d96c97c08a37cda6cda766e609f9e33970f269fee

  • SHA512

    fe7159d8e78def63fd2dfc769277fd85ed6b65d21e2aada052304630af3a9746d007c924b03ce370e016b77ac61c465861b9e598acc5f08cb5f9dfd592f64b97

  • SSDEEP

    12288:5OBUrzYDpGDWN74lZK6Jp61c9ZUBYJxnPN9/vs8:XXMpGy7GZK6JRZUGJhF9/

  Score

  10^/10

  snakekeyloggerdiscoverykeyloggerstealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2