General
- Target: 40527167c8c82a32ca67714706650149_JaffaCakes118
- Size: 367KB
- Sample: 240330-vnegdaah73
- MD5: 40527167c8c82a32ca67714706650149
- SHA1: 32bbbbddc9f231be3a15ceb15ca19da5c964cc55
- SHA256: 274bfa92b353d1924e37441db5ecfa70237d592df53a0122e6e7cfa85056d60d
- SHA512: 6d7f41bcd9a18f4474719757997904c641ff6dc5f611f356aaa65aa977cda0df1187b7d57be85a1e91bd4abef8f5a393d296e1c7e616d9db3569bad18b75d3d8
- SSDEEP: 6144:xVTZVs9ZQ+3HwOPcH5xKd7CuBL+MHbMNyis6Zt/LY54xXRwurTWX9P7DoK:DTZC4oPc0qMHbqO6ZJLIYXRwuPyPoK
Static task
- static1
Behavioral tasks
- behavioral1: Sample 40527167c8c82a32ca67714706650149_JaffaCakes118.exe, Resource win7-20240319-en
- behavioral2: Sample 40527167c8c82a32ca67714706650149_JaffaCakes118.exe, Resource win10v2004-20240226-en
Malware Config
Extracted: snakekeylogger
The extracted configuration holds the two exfiltration channels this Snake Keylogger build reports stolen data to, with the attacker-controlled credentials baked into the sample. The hosts and ports are network indicators; the credentials are evidence (for blocking, abuse reports or takedown), not something to log in with.
- Protocol: smtp
  - Host: mail.ispirkerestecilik.com
  - Port: 587
  - Username: [email protected]
  - Password: Z+@$6t)NU6qe
  - Email To: [email protected]
- Protocol: ftp
  - Host: ftp://bitrix386.timeweb.ru/
  - Port: 21
  - Username: ca59994
  - Password: qsUgh30OStXl
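One thing a responder does with an extracted config like the one above is turn it into network indicators and sweep connection logs for them. The block below is an added example, not part of the sandbox report or of any Snake Keylogger tooling: it copies the two channels from the config, normalises the FTP host (which the report stores as a URL), and matches them against a handful of constructed connection-log lines in an assumed "timestamp src -> dst:port proto" layout. A destination that matches host and port is a high-confidence hit; the same host on a different port is flagged at lower confidence so a changed exfil port is still surfaced. Credentials are deliberately left out of the indicator set.

```python
"""Build network IOCs from the extracted Snake Keylogger config and run them
over sample connection logs.

Added example for this report; the config values are the ones listed above,
the log lines are constructed for illustration and the log layout is assumed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Exfiltration channels copied from the "Malware Config" section above.
# Usernames and passwords are intentionally not carried into the IOC set.
EXTRACTED_CONFIG = [
    {"protocol": "smtp", "host": "mail.ispirkerestecilik.com", "port": 587},
    {"protocol": "ftp", "host": "ftp://bitrix386.timeweb.ru/", "port": 21},
]


@dataclass(frozen=True)
class NetworkIOC:
    protocol: str
    host: str
    port: int


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    port: int
    confidence: str  # "high" = host and port match, "medium" = host only


def normalize_host(raw: str) -> str:
    """Reduce a config host value to a bare lowercase hostname.

    The FTP entry is stored as a URL (ftp://host/), the SMTP entry as a
    plain hostname; both must compare equal to what a connection log shows.
    """
    raw = raw.strip()
    if "://" in raw:
        parsed = urlparse(raw)
        if parsed.hostname:
            return parsed.hostname.lower()
    return raw.rstrip("/").lower()


def iocs_from_config(config: list[dict]) -> set[NetworkIOC]:
    """Convert extracted config entries into a set of host/port indicators."""
    return {
        NetworkIOC(entry["protocol"], normalize_host(entry["host"]), int(entry["port"]))
        for entry in config
    }


# Constructed connection-log lines (assumed layout, not from the report).
SAMPLE_LOG = """\
2024-03-30T10:01:02Z 10.0.0.15 -> mail.ispirkerestecilik.com:587 tcp
2024-03-30T10:01:05Z 10.0.0.15 -> bitrix386.timeweb.ru:21 tcp
2024-03-30T10:02:00Z 10.0.0.22 -> mail.example.org:587 tcp
2024-03-30T10:03:00Z 10.0.0.15 -> BITRIX386.timeweb.ru:443 tcp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) (?P<proto>\S+)$"
)


def match_log(log_text: str, iocs: set[NetworkIOC]) -> list[Hit]:
    """Return every log line whose destination matches an indicator.

    Exact host+port matches are reported as "high"; a known exfil host
    contacted on a different port is reported as "medium" so a retuned
    C2 port does not slip past the sweep.
    """
    exact = {(ioc.host, ioc.port) for ioc in iocs}
    hosts = {ioc.host for ioc in iocs}
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        dst, port = m["dst"].lower(), int(m["port"])
        if (dst, port) in exact:
            hits.append(Hit(m["ts"], m["src"], dst, port, "high"))
        elif dst in hosts:
            hits.append(Hit(m["ts"], m["src"], dst, port, "medium"))
    return hits


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG, iocs_from_config(EXTRACTED_CONFIG)):
        print(f"{hit.confidence:6} {hit.ts} {hit.src} -> {hit.dst}:{hit.port}")
```

In a real sweep the SMTP and FTP hostnames should also be resolved and the resulting IPs added to the indicator set, since proxy and flow logs often record only addresses; the report does not list those IPs, so the example sticks to hostnames.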
Targets
- Target: 40527167c8c82a32ca67714706650149_JaffaCakes118 (the same file as in General above)
- Score: 10/10
- Signatures:
  - Snake Keylogger payload
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext: rewriting a thread's context from another process is a common step in process injection (setting the entry point of a suspended thread before resuming it); the report flags the API use and does not name the technique.