Extracted

• • Target

    SG-07298.exe

  • Size

    710KB

  • MD5

    38bd1b561d005a7c0129316426d367c1

  • SHA1

    0864c53abbf5e2840a44cd4e9c03547a8d073af0

  • SHA256

    a8c8e3adb2bef3f30d34591b2fe6a42d53038d9773938e6fa0a7b4f8b90e9f37

  • SHA512

    4e33bf37fc0bffdf94d2c7d025e1c865bca5da3d1863037b1cc4b53ee7cccec36a10d2510b3a68d5714db8b79b563ae0aeeddd58820a5352a3eae1729c369f2f

  • SSDEEP

    12288:pcJnkWkNhSkhuRif7RCIS7JhDx2TSEWenWw/Y75v7e4SsmvE8ZXb:cnkNhSMuZI2Fx2XNnWp5v7e4dQ

  Score

  10^/10

  snakekeyloggerdiscoverykeyloggerstealercollection

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2