General

  • Target

    39d6afe5692079df30e75663f459d0e4_JaffaCakes118

  • Size

    298KB

  • Sample

    240330-l3ek9ada4z

  • MD5

    39d6afe5692079df30e75663f459d0e4

  • SHA1

    6bf764e164447dde5c39b8abbb12288379a69f33

  • SHA256

    94599985eaba6ba050b0be5c1aa3fd3f5bb469190b6a7a9f81d2c930b69bef38

  • SHA512

    73c7a67cd66a7ef03dcd9673773c41c15a0e7bfd328b10c43b61e14d14b392fa79891bcef54f978d5a17364cbf69afa4ea63e35a3b4ab7a841064004d3ef00f2

  • SSDEEP

    6144:XAGQgMkhBJUnPFWByu1tgdMgfh8JJulwz2quwif2U6:gSByPU8ytgNoJulIpuXf2U

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

Targets

    • Target

      39d6afe5692079df30e75663f459d0e4_JaffaCakes118

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
