General

  • Target

    3bab5a83ae6ad5c2db06ab7cd93ef41d_JaffaCakes118

  • Size

    469KB

  • Sample

    240712-cywjjavdqr

  • MD5

    3bab5a83ae6ad5c2db06ab7cd93ef41d

  • SHA1

    6216d7952c43211d569661e19a3d2113c1791ccd

  • SHA256

    fe7df92181e76423cacfe97a95fca017a027f3dc5c00822389614cd1f6492a76

  • SHA512

    3e5bb9e2b6b770f66465d5867b0d27e7399f91766b9a6de13271b1f81226e469763f51bcfbc4ee794ece2ecd3723f8a791794f101b32751b3d955faea148ed32

  • SSDEEP

    12288:RyR+HQW6hGww0sm7lueFx9KSyOO58tctGjh4Vvz:RyR+wby0sm7luex5yOOOiAhmvz

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1696248561:AAELXu6APanbtx1va3V24yWuQqYB4lDCkBI/sendMessage?chat_id=1594516081

Targets

    • Target

      Purchase Order.exe

    • Size

      481KB

    • MD5

      7f973c2c37a9e858e167b5051cab9bcf

    • SHA1

      86bd925fd67cf521555e21ec108e8f671977ce7f

    • SHA256

      7d66022b23aa84304657d92e2594f56331036896d42538a6aed0f24c9db6ded9

    • SHA512

      531f7cc3dd9c0bed746879d13150d884724989b661ea451fd25bf719ad4b6d55454b4a3b6339f9b8d20231d7a838eb80d0a0b271ac5132718e63e6f252e234b3

    • SSDEEP

      12288:dmd0uLs9Uj4HFS8ZxPaUZNxdALhog+t6k:d/W4xWaZAFoHt6k

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks