Extracted

• • Target

    f92241675e9e5098c86ad53b9a00e3f1_JaffaCakes118

  • Size

    650KB

  • MD5

    f92241675e9e5098c86ad53b9a00e3f1

  • SHA1

    405afc0044739dc728429ca1c57af21388466711

  • SHA256

    167df3ce10aa6cd34b41e855f230676960674b2a1963199f5bc79cc5be8bf7e5

  • SHA512

    0a93c5fcf0f14f3a9bea5217b52be1c47ef233d3705a30e0ea5c3dc516ef9e6e45ea9a785484605080be1b290d58dc6227584fe4c27d72dd2fd68e2dd4b1934d

  • SSDEEP

    12288:BJCnJCZCbYQjoiuj3JdEAgQCIGQXU50LduyngPNAZnreb:KcZCbYQjoBj3JngQCIGQXU50LrngPqtr

  Score

  10^/10

  snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Beds Protector Packer

    Detects Beds Protector packer used to load .NET malware.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2