General
-
Target
ccaef010022ac29c8f9ed0a2731493f9_JaffaCakes118
-
Size
289KB
-
Sample
240405-gnq9aaea77
-
MD5
ccaef010022ac29c8f9ed0a2731493f9
-
SHA1
f96a421cabd4431dd4b5c3c2459486b457b5b0cb
-
SHA256
2012f292ee23f1e7281ada06282fd71520e9a56533196377d9cdc7e4f89ceb55
-
SHA512
b3abb9fdcb7b7db01d48a064601efbae08cdb7922efd1daae2b5f686190e809e94a1b5105cd958433733d4df04143767b9da7b6de57b57d9f0d8e714c4948f47
-
SSDEEP
6144:os9SbXWZsg0MdY83zFUnn3aSoeQuWibOyusrKDtsvMkhB:os9vZsgWKFUnn3jQufyIrOKUSB
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alliedhealthga.com - Port:
587 - Username:
[email protected] - Password:
Sisterk1 - Email To:
[email protected]
Targets
-
-
Target
ccaef010022ac29c8f9ed0a2731493f9_JaffaCakes118
-
Size
289KB
-
MD5
ccaef010022ac29c8f9ed0a2731493f9
-
SHA1
f96a421cabd4431dd4b5c3c2459486b457b5b0cb
-
SHA256
2012f292ee23f1e7281ada06282fd71520e9a56533196377d9cdc7e4f89ceb55
-
SHA512
b3abb9fdcb7b7db01d48a064601efbae08cdb7922efd1daae2b5f686190e809e94a1b5105cd958433733d4df04143767b9da7b6de57b57d9f0d8e714c4948f47
-
SSDEEP
6144:os9SbXWZsg0MdY83zFUnn3aSoeQuWibOyusrKDtsvMkhB:os9vZsgWKFUnn3jQufyIrOKUSB
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-