General
-
Target
e0b1534a2fbb5d7ec924f2b3ca0d2941_JaffaCakes118
-
Size
294KB
-
Sample
240406-kxtbsaeg5w
-
MD5
e0b1534a2fbb5d7ec924f2b3ca0d2941
-
SHA1
51790a288b7454c989c06ced70bf48189ef0fb20
-
SHA256
1f990c973ea05f2f378b060bcaa6a722c76533317b5700215684ea89f4307a11
-
SHA512
98d5454b5ff36c3d8295175b6a4809edc63d0f41bc41e83a012f844d8f9f63bb3e19d8076f29d403dca48afb5909f0b2ee6ecbd74fb2cbfbc04976240b992da7
-
SSDEEP
6144:khqSB9ekI/2nJK90HVB1sLmrOkHcI5xEau31hAN9awMkhB:MqS6qJKa1BuLicSxEas1h3LSB
Static task
static1
Behavioral task
behavioral1
Sample
e0b1534a2fbb5d7ec924f2b3ca0d2941_JaffaCakes118.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
e0b1534a2fbb5d7ec924f2b3ca0d2941_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.medidentalssb.com
Port: 587
Username: [email protected]
Password: Admin1423
Email To: [email protected]
Targets
-
-
Target
e0b1534a2fbb5d7ec924f2b3ca0d2941_JaffaCakes118
-
Score
10/10
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-