General
-
Target
ab9e2bf770b723bace825313e41f3c35_JaffaCakes118
-
Size
664KB
-
Sample
240404-bkbrjaaf66
-
MD5
ab9e2bf770b723bace825313e41f3c35
-
SHA1
f1ca1499577341a5db5ad7d7a4073c8cf281fc19
-
SHA256
a549e92b9e4b8ef9730d225b92a6c599e842b4cb94cb56866bc1601b4f1c6b29
-
SHA512
0529602a775e449c7ddb2a98ea992aeff0ac41007b0f581f08fec12da0a34ee78f776f176c882963c122eb172103ab3b92151c821b24307c4f6319e995fb883d
-
SSDEEP
12288:eO14eIDPUS6PZnOuyWGUW4duBd3X3uIIIkIxV0DT:eOCoPLVGUW4gBd3X3B+
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
budgetn.shop - Port:
587 - Username:
[email protected] - Password:
rSJ9l_d%#+1Z - Email To:
[email protected]
Targets
-
-
Target
ab9e2bf770b723bace825313e41f3c35_JaffaCakes118
-
Size
664KB
-
MD5
ab9e2bf770b723bace825313e41f3c35
-
SHA1
f1ca1499577341a5db5ad7d7a4073c8cf281fc19
-
SHA256
a549e92b9e4b8ef9730d225b92a6c599e842b4cb94cb56866bc1601b4f1c6b29
-
SHA512
0529602a775e449c7ddb2a98ea992aeff0ac41007b0f581f08fec12da0a34ee78f776f176c882963c122eb172103ab3b92151c821b24307c4f6319e995fb883d
-
SSDEEP
12288:eO14eIDPUS6PZnOuyWGUW4duBd3X3uIIIkIxV0DT:eOCoPLVGUW4gBd3X3B+
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-