Overview

overview

10

Static

static

3

REQUEST FO...20.exe

windows7-x64

10

REQUEST FO...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f33a247e26d6983b12c70d47e5117bee_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240416-lss1wsge7x

  • MD5

    f33a247e26d6983b12c70d47e5117bee

  • SHA1

    cdcd516b448b737d65ad0b10ecbf46c6cbdda060

  • SHA256

    a9a4724beeb4463e0bda523131a8281bac10212b221f57452d2d7a06454634a6

  • SHA512

    c19872c56203fcc0eaf3b8f3f9ab2ceaa78fb36fe1f57ec0aefc629781b66fb13daf095ee8ab5c776bf33e410a2fa6c943ae8cffcba74e82d50e0fd3d9f484e9

  • SSDEEP

    24576:G5MI676DO9fx8Dgyfx8Dg9AW9/gOiEpvWnNwDZFSL:Gt676858Dgy58DgPoO1BWnCZU

Score
10/10
snakekeyloggerkeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    smtp.fireacoustics.com
  • Port:
    587
  • Username:
    worshippersnake@fireacoustics.com
  • Password:
    _d:rzD~62Jxh
  • Email To:
    returnbox321@gmail.com

Targets

    • Target

      REQUEST FOR QUOTATION - PCIHBV2021MRP27220.exe

    • Size

      1.2MB

    • MD5

      bdacafc76193287481aacc058157b552

    • SHA1

      3f07cd8af332cc05e0faffb4b3abc673c1dbae94

    • SHA256

      ddc80f262bf86345a0be3981054a8bcc1b06635e948365ceeb159688afcb51ce

    • SHA512

      17be9b28d5a2d96e9414b8178589e9e8d0ce159ded86043c1eff061afdd87972fedd3e8e6dcada6dc297706306ce3ee2a10bcd5a86be6bba097c916b125ae172

    • SSDEEP

      24576:35MI676DO9fx8Dgyfx8Dg9AW9/gOiEpvWnNwDZFSL:3t676858Dgy58DgPoO1BWnCZU

    Score
    10/10
    snakekeyloggerkeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks