General

  • Target

    e51d1b62956a8bdd2defff3fc26ce5d0_JaffaCakes118

  • Size

    735KB

  • Sample

    240916-tgh1jswfmc

  • MD5

    e51d1b62956a8bdd2defff3fc26ce5d0

  • SHA1

    11e3465fd21eaaf3d7dadac748bf55b66bf07b24

  • SHA256

    01fdee436dd11c4f83a8661fa7d1b348582d7351228f6419823a3afe6ccfd15c

  • SHA512

    d5a10d67f7f453166d79c210397c0358c081831cc68e8337ba62ac8dc144ef39d8aebee07c2a8e33b8b4e302f6351bb8db9cabee09b01d4cc585f0120a960243

  • SSDEEP

    12288:JMvbmy+70pKXQlN5g2YlH35OOawI/5nsVDj2R5xar7+QU3h6Gk4r27NZN:+jI5OfwI/5nsBj2RyGR6357

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.cleo2solutions.com.au
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    F3J[kIu3Y)dh

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks