Overview

overview

10

Static

static

3

dc83500f11...18.exe

windows7-x64

7

dc83500f11...18.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

jy2091qep.dll

windows7-x64

3

jy2091qep.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118

  • Size

    452KB

  • Sample

    240912-svwm5a1fka

  • MD5

    dc83500f11eef58ddbb21c9dd2d17729

  • SHA1

    46b0de105332e090806d5e95f38ee0a33c10ad3b

  • SHA256

    2160a2fba2efc22751b82cebb9d4ce21dfe35782cfb21bbf512687f413b80e65

  • SHA512

    b1289ae61523b0e170a434361e727bf5e0e0043c4596214b4823e6c961ace6a61b796adcbd459cbdcddab3c7d9ff3236ad81a9d88f8a9ca31206a90fb1c127ad

  • SSDEEP

    12288:RH06XwKIhiXX1oJMdqvEu6XFhCQxy1Hex/pKAQb9NsAm:9frX1oJwqvEujh2xiBm

Score
10/10
snakekeyloggercollectioncredential_accessdiscoverykeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.potagrup.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Pgrup@2021

Targets

    • Target

      dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118

    • Size

      452KB

    • MD5

      dc83500f11eef58ddbb21c9dd2d17729

    • SHA1

      46b0de105332e090806d5e95f38ee0a33c10ad3b

    • SHA256

      2160a2fba2efc22751b82cebb9d4ce21dfe35782cfb21bbf512687f413b80e65

    • SHA512

      b1289ae61523b0e170a434361e727bf5e0e0043c4596214b4823e6c961ace6a61b796adcbd459cbdcddab3c7d9ff3236ad81a9d88f8a9ca31206a90fb1c127ad

    • SSDEEP

      12288:RH06XwKIhiXX1oJMdqvEu6XFhCQxy1Hex/pKAQb9NsAm:9frX1oJwqvEujh2xiBm

    Score
    10/10
    discoverysnakekeyloggercollectioncredential_accesskeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      jy2091qep.dll

    • Size

      18KB

    • MD5

      a393df2af4708ff2592687ff4ee343b9

    • SHA1

      19b5212fc5dbd673f7e4f78c52b6c0ea33121d85

    • SHA256

      eea2ac27c7db126176b9cbf245328c9acb06665995f1212cc28792304ca3f6f5

    • SHA512

      b960e1ad593a17d94cacec2ef4e30c1b17b69469e3f1a0b26d992dce1ef697078a466bd1bde5779373bae6ff5b35c39a13f818c03c4a3a3eacda051b44ea0491

    • SSDEEP

      384:WkZm9ZV/dm0q96GA2P0ICNPBRJyCmyCtQV2djVh2:WkZaZVd/qSkQHDlV2djV

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks