Overview

overview

10

Static

static

3

BANK INFORMATION.exe

windows7-x64

10

BANK INFORMATION.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9dd8ae0d47168e5c815cf49ddae7d25c_JaffaCakes118

  • Size

    656KB

  • Sample

    241125-zqr8gasndr

  • MD5

    9dd8ae0d47168e5c815cf49ddae7d25c

  • SHA1

    c47d269ef6b70a650e40fbb5ff33ca20b49bf1df

  • SHA256

    c63131caf89788777ee4f2873400393c9dae54464043e1bbdae6c57a8f971f1e

  • SHA512

    3e9d8a8e9fd81d77c03f315c261a7498b649816b2adc7056867bca46965497f59e0f61af6f54a8682b7f5d1ef9d316a4cc130213a16c45cbcfff4b6117abbb8c

  • SSDEEP

    12288:i1Uxkn+AqFjidC9CA8CASCa0G/I/vV3WkpjvrIe0JXshUUJOkQYS4sUJfcsK:i1Uxkn+AqZYC9CFCo7G/sV3ljzI2hfJu

Score
10/10
snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    BkKMmzZ1

Targets

    • Target

      BANK INFORMATION.exe

    • Size

      856KB

    • MD5

      c67942995f9f76a2fe57c85f27435aa0

    • SHA1

      7c447663a9e841f47cba60e29164accedd82e4e8

    • SHA256

      44af2a0a5fe2bbc9da82eb8836213ef51297cbf439ac9afd244f9513539b2f53

    • SHA512

      8071049978a65e0ff2eb1375a0e445ba9a4656814a670574b795171829c0d2e5d7543f9480275032d2e8d55eab4fdeb1fe604f5f0c50930532b7b4166251e2ce

    • SSDEEP

      12288:hWYaoA3uSHK7zFLpIa7/rXwBWfIt4zREuN/UMhWBge//Worn0k/O5z1f:M9uRRNVbrXwR4zRb6hBO5

    Score
    10/10
    snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snakekeylogger family

      snakekeylogger

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks