General

  • Target

    403f34eceedc86a71afe4aaa73953904_JaffaCakes118

  • Size

    584KB

  • Sample

    240713-fcyzbawelm

  • MD5

    403f34eceedc86a71afe4aaa73953904

  • SHA1

    5953895b5b47a16134b4659727a312af751dbe80

  • SHA256

    707b7a71040cf271f095df37823268efda90905603fa025719806b68edf13045

  • SHA512

    b2f9137440475570e414d478c7cdd8553ab11e73f1528284f5211d1ba630bbdf617bd19aca996bce8a04491bd27f4973917b5419a87980f292bd2431a8dbe545

  • SSDEEP

    12288:ewcxouasTQ1ATxEVVVunnLv6pTqyyA+OEV6XEMRjnbRvV:ew2outdWViOpTqz5MRjn

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1696248561:AAELXu6APanbtx1va3V24yWuQqYB4lDCkBI/sendMessage?chat_id=1594516081

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks