General

  • Target

    3816c5935e5e633380badb5a5c53d9a9_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240711-hhh66atfjm

  • MD5

    3816c5935e5e633380badb5a5c53d9a9

  • SHA1

    cb5ad22a5f74ff5e94aabe51c1cf304fb8714276

  • SHA256

    700ff0ef60f57a628651e37a59197ed6af13ed0895d3505c45bd9ea148bcb0fc

  • SHA512

    fea89534ae39cd5365d7e7a5d5677387adae4b50230d45a4c1b6bb4079afcc63bb1e27f87d5eaab11d9923af06df6c609a088d9bc1f26e7042c913814d139872

  • SSDEEP

    49152:toZ0ajbQzlq5O+l4QOnn8jeX+l8uvlhfNf5lWLPNyeL9+hw/USGy7Xk/51HwgG9V:6X0zlC6mt989YJ7wD8Xiyvw0PNFEV97X

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Beds Protector Packer

      Detects Beds Protector packer used to load .NET malware.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks