Overview

overview

10

Static

static

3

Invoice fo...ed.exe

windows7-x64

10

Invoice fo...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    467ade5198972318904ef85b3d7726b7_JaffaCakes118

  • Size

    620KB

  • Sample

    241015-h9azvswcmr

  • MD5

    467ade5198972318904ef85b3d7726b7

  • SHA1

    1ca77cf00ae30e4b191b9995c3318965f1b52971

  • SHA256

    bcb33dca005d9304c510b37244bf304ac9ce7dbcb0b4708752cdb747b877dd04

  • SHA512

    aac514a69193a72e45ebbf3d0223340832fb28396abe62c5f32d964a0884796ee7fcfc842ae8895dddf9de18b34b18c732b62d08f8a1b950e3d4ad0046f69ebe

  • SSDEEP

    12288:VhtNidMGtYyvB2HzoSLzJ0qtwwq23THskcsy+wTBylsEfA+M:7tNidMM1pcLLt08w/sSEfDM

Score
10/10
snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    BkKMmzZ1

Targets

    • Target

      Invoice for Authorized.exe

    • Size

      1.1MB

    • MD5

      a4f4ace29081f66063d5a8c61739dcb4

    • SHA1

      7ff750b4f4e21d265f28836bd28dc691d3e53125

    • SHA256

      7ea9b98bca8ca5e1b8c7c850202d609181d645462ce39d16a920e25f12ad5b81

    • SHA512

      29fb5ffbd5b89c6f4e4a0751b2562ab57de312f9fb58777efa4a67e93aa29979d6318bddfca2bcfbd81fdbc71bc67221521de432a77519615ad44f56eff7e187

    • SSDEEP

      12288:kPZSZWEL1QAEomSpnr6rMRw2stLNDnuSmfWCE27/Jyirzl3TqcNy3R61R:khSZWEL1DZZQMRFKDnu7W927hrzl

    Score
    10/10
    snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks