Extracted

• • Target

    d71962c5ba36d09ea4b9f31c1b6937ba_JaffaCakes118

  • Size

    619KB

  • MD5

    d71962c5ba36d09ea4b9f31c1b6937ba

  • SHA1

    1be95522e6b15507e927f1f6d68ebcdbc7803792

  • SHA256

    b1f6925c271c251a6b8cb7d2bfcdba61cceedd6660b31e4e12e56a5f4ce5a4b0

  • SHA512

    e76ead74b5b03693c71d97aa98eff9cc0649bdcd1c04237399b61b3c08cb0ae8761fe6fe8b49dc8f11d9dd06fbabf586ca97cf732c67f39dea50d6a072586cd0

  • SSDEEP

    12288:GlFQMG0fwkDKdUPoJSnyOkFnp5zXv2tR:oFpG0fw/QoJSyOkn6t

  Score

  10^/10

  snakekeyloggercollectioncredential_accessdiscoveryexecutionkeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Beds Protector Packer

    Detects Beds Protector packer used to load .NET malware.

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Drops startup file

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2