General
-
Target
f5c4dbef3d934821e183619967022767_JaffaCakes118
-
Size
776KB
-
Sample
240417-pnakjaeg92
-
MD5
f5c4dbef3d934821e183619967022767
-
SHA1
1c17bf19acf83f7d4e6880cf8e19e088bd1b5aa6
-
SHA256
e0b1dc004a3db060f6e6c96fcb8ef22ba4cf94aea42ef4afb40a3168f9d97296
-
SHA512
ad71ba93da29ad6f2089a6897f9367afc7d8998993a697b13fb2a64f1d0076a44e74cb35594e457c229911369d3ac5ad0bb1c4d7c86834aeac61fcf8af3e8950
-
SSDEEP
12288:ZqlVwldf4k+r/Q/aXM15r9wUz+eeEB2CLT+Srd8P:Z4VwA/mDJxem2CLT+Sr
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
25 - Username:
[email protected] - Password:
BkKMmzZ1 - Email To:
[email protected]
Targets
-
-
Target
f5c4dbef3d934821e183619967022767_JaffaCakes118
-
Size
776KB
-
MD5
f5c4dbef3d934821e183619967022767
-
SHA1
1c17bf19acf83f7d4e6880cf8e19e088bd1b5aa6
-
SHA256
e0b1dc004a3db060f6e6c96fcb8ef22ba4cf94aea42ef4afb40a3168f9d97296
-
SHA512
ad71ba93da29ad6f2089a6897f9367afc7d8998993a697b13fb2a64f1d0076a44e74cb35594e457c229911369d3ac5ad0bb1c4d7c86834aeac61fcf8af3e8950
-
SSDEEP
12288:ZqlVwldf4k+r/Q/aXM15r9wUz+eeEB2CLT+Srd8P:Z4VwA/mDJxem2CLT+Sr
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-