General
-
Target
aac2b9c21e1d1dd48035677164b421dd_JaffaCakes118
-
Size
418KB
-
Sample
240404-aqgz3ahb9z
-
MD5
aac2b9c21e1d1dd48035677164b421dd
-
SHA1
f472607429d90c1a4b597e195a712492111d06f9
-
SHA256
55922cb5afe2b53f46a2c8080747c94d00901d49e93e0ee2ef1fee22f7fda164
-
SHA512
76bb7f534ceb2e9a1cb0a9a9d9cc553b9d4b46925e45d4d0bcab139988a3bc8b407a33cc5f869395d1be0792f3b614f39c8d9f5ca4cd1c8b10cfad57ed48064e
-
SSDEEP
6144:luux2PfPY+G4LCPhlceA0laZPc034SVmBSi4PZzZn7MkhB26YB:JEPunjVQlc64SNiMz6SB2D
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.faks-allied-health.com - Port:
587 - Username:
[email protected] - Password:
$Faks1234 - Email To:
[email protected]
Targets
-
-
Target
aac2b9c21e1d1dd48035677164b421dd_JaffaCakes118
-
Size
418KB
-
MD5
aac2b9c21e1d1dd48035677164b421dd
-
SHA1
f472607429d90c1a4b597e195a712492111d06f9
-
SHA256
55922cb5afe2b53f46a2c8080747c94d00901d49e93e0ee2ef1fee22f7fda164
-
SHA512
76bb7f534ceb2e9a1cb0a9a9d9cc553b9d4b46925e45d4d0bcab139988a3bc8b407a33cc5f869395d1be0792f3b614f39c8d9f5ca4cd1c8b10cfad57ed48064e
-
SSDEEP
6144:luux2PfPY+G4LCPhlceA0laZPc034SVmBSi4PZzZn7MkhB26YB:JEPunjVQlc64SNiMz6SB2D
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-