General

  • Target

    3fe2596f06b31058fb5614b5d9f7bc0f_JaffaCakes118

  • Size

    682KB

  • Sample

    240713-c83qlascrn

  • MD5

    3fe2596f06b31058fb5614b5d9f7bc0f

  • SHA1

    6940ec12152682a3c89a305b3ec8fdb3fbcccd20

  • SHA256

    14aa67b289452fbb68197a676f9a291aae35cd72c3bc7b425e7c42645aac6d65

  • SHA512

    b04a6f6127c93487df80485adc65af14060e8c931dc3cd500b0ef5fe0f5e45a33dc6e02a308c160485612ce30bef4a4d369e9c15d3eb0a52ae5041201dce1716

  • SSDEEP

    12288:JDs0V8RmEVoxYZuCTLWIZZBNt43NEemWZmqj:dnyRmEZuCHLNt43Nkw

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1171994922:AAHrYAv7JIpM5hzPMScAJJOdE7TBb00NwJY/sendMessage?chat_id=1194949947

Targets

    • Target

      3fe2596f06b31058fb5614b5d9f7bc0f_JaffaCakes118

    • Size

      682KB

    • MD5

      3fe2596f06b31058fb5614b5d9f7bc0f

    • SHA1

      6940ec12152682a3c89a305b3ec8fdb3fbcccd20

    • SHA256

      14aa67b289452fbb68197a676f9a291aae35cd72c3bc7b425e7c42645aac6d65

    • SHA512

      b04a6f6127c93487df80485adc65af14060e8c931dc3cd500b0ef5fe0f5e45a33dc6e02a308c160485612ce30bef4a4d369e9c15d3eb0a52ae5041201dce1716

    • SSDEEP

      12288:JDs0V8RmEVoxYZuCTLWIZZBNt43NEemWZmqj:dnyRmEZuCHLNt43Nkw

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    • Score

      3/10

    • Target

      lz0xkoqy.dll

    • Size

      11KB

    • MD5

      1dc8118acd04962a04f537c7dabe17be

    • SHA1

      c04648b207433324803c595b22efaafc2423bfd3

    • SHA256

      de757495d61e622adffed7588acdb5eba2f18734c13eaf9e25949779f2cb75fe

    • SHA512

      54107302bff8bfe9179f969f13045f83281ae9aef8ab2e723f0aa540fc46dc86d2a23b79ecfd6700b2fedbf3cf729a0693887bbad772fa993a5a7ee8bb9c0475

    • SSDEEP

      192:IRkq0eddH2mOTFM6tlPFfYamGaGQITKzWAg8CRuDqxz6:QkS8FMOl9g0aZITQ6R5

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks