General

- Target: ca8702cbc3c66697b1f14f02254226c9_JaffaCakes118
- Size: 531KB
- Sample: 240405-es5alacd59
- MD5: ca8702cbc3c66697b1f14f02254226c9
- SHA1: 958efe73ef2c0a1df6ecffc0bb502c18869908fa
- SHA256: 1d02b125ee09507cbc1cfb446274c5d380f8d2d43e0083f65d3341d741eb3bbf
- SHA512: c598eea92315dc19ff2da0e463105656cfc220d2e5a766b48dc384f0f0495e9390cd7541a78a69bc76918c49f39a70123c68f614b5b1a118b268077bbc6b7d7a
- SSDEEP: 12288:xEx7gSLQfoRaww57p6vMYcRtz3YGjeDIyav+f8UV:+x7gSaoRcf2M2CYIfv+pV
Static task: static1

Behavioral task: behavioral1
- Sample: ca8702cbc3c66697b1f14f02254226c9_JaffaCakes118.exe
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: ca8702cbc3c66697b1f14f02254226c9_JaffaCakes118.exe
- Resource: win10v2004-20240226-en

Behavioral task: behavioral3
- Sample: $PLUGINSDIR/mqpdzmdsq.dll
- Resource: win7-20240221-en

Behavioral task: behavioral4
- Sample: $PLUGINSDIR/mqpdzmdsq.dll
- Resource: win10v2004-20240319-en
Malware Config

Targets
Target: ca8702cbc3c66697b1f14f02254226c9_JaffaCakes118
Score: 10/10
- Snake Keylogger payload
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/mqpdzmdsq.dll
- Size: 22KB
- MD5: c49786a64061cb1ec53737946be6e6b8
- SHA1: 23aea486baf2da29a164342abfacc42d24c4e2f7
- SHA256: 167ce47c8c1ffb564b0d793f556fa109eb17ab54846e0a5cb79efee53f0a471a
- SHA512: 1d2c0d8243faa8783b73150ddd50aec38c32f980a9d6fd9311495a3c531fbb668b0a74e9c3fc82059ec7a8a9b09cee82c2870b93105f2ac1661eb1e1ef3d3406
- SSDEEP: 192:MniBZI5F6cnX8blqLJRYad+Mj1uvfY0WGZkzLuFqbsk/HxZT9TOBkjtDJoZMcxR4:MnM9lcY546kzLuFMHJOgtDJgnMS9lxW

Score: 10/10
- Snake Keylogger payload
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext