General

  • Target

    63036fecb2282ca708876ec916736470_JaffaCakes118

  • Size

    497KB

  • Sample

    240401-a65q3agg7v

  • MD5

    63036fecb2282ca708876ec916736470

  • SHA1

    d8d53be728d9a4132072a0d5836adcbe080f1f89

  • SHA256

    8aee126807b53a2f3e4fe2af6056013241c3716fd71f2920e4c12f7af291f232

  • SHA512

    d8f240e60a5529ef0e9e65bb68cca53ca745b49ccd220a054bbdf6511a01d4683a880d8922c62c8eeb2085ecb6f2408da5571cc3a2d8a17a14170825612dbb19

  • SSDEEP

    12288:AV8SK+MOWY7DbXYL4WMySjaWZ72IliNY4dzfAKz:y1hWgXiB4VlUthfpz

Malware Config

Extracted

  • Family

    snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @EHbqYU1

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
