General
Target: 58d16105f19cc8ec2850fa2bef532d2a_JaffaCakes118
Size: 620KB
Sample: 240331-veqhaafc6w
MD5: 58d16105f19cc8ec2850fa2bef532d2a
SHA1: 2a3799ea38c2e296d11841516af881ec686629e2
SHA256: 67e8b70fd0c035c3d046496a16b395a9227ece10413966ba4a439960e7a41aad
SHA512: 95ae31876865ee08ca6df5bc9e5abff618a11d0e66ef2925150730e91ba7f983991b26e4936a47f307cf81c98364cc010a008df9538773fe349c858386899a4f
SSDEEP: 12288:MirBbQ+X8+UiDLbRHahuUXF2JsBs8+2mcaJ4MTfr:ZrBbQ+X8+UiDLbRHahuUXgsr+X4gr
Static task: static1
Behavioral task: behavioral1
Sample: 58d16105f19cc8ec2850fa2bef532d2a_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 58d16105f19cc8ec2850fa2bef532d2a_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.rockglen.com
Port: 587
Username: [email protected]
Password: @123kmoney
Email To: [email protected]
Targets
Target: 58d16105f19cc8ec2850fa2bef532d2a_JaffaCakes118
Score: 10/10
Snake Keylogger payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext