General

  • Target

    d937649959e9f1b398815ba499c2c751_JaffaCakes118

  • Size

    699KB

  • Sample

    240910-3mrpba1anq

  • MD5

    d937649959e9f1b398815ba499c2c751

  • SHA1

    269502c04944d6b9e442af35f9e923103e1e477f

  • SHA256

    8c1ba03136ab60409d577c7b61fc4bf858468377ff92f438dad8dff45262b6ec

  • SHA512

    10b3a80cd2ec3afb8ea45614c755758c9b31f9dcf3eebf39517616894407554994192ab4ce196cc69e1225afb07cee134a68f14bb6a42fc943e0a1727e2a57fe

  • SSDEEP

    6144:JsOKSDMpra6UeOiolIJ6rHD/rj7uALWseM0l5yI0gLlfXRAV3lwoMGy:Mp1siols6rHD/rj7uAw15yl0Noy

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.sydneylaptops.com.au
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Ijeomam288@

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Beds Protector Packer

      Detects Beds Protector packer used to load .NET malware.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15