General

  • Target

    9ff683e754ab8cc6d2c5f2745e650e22_JaffaCakes118

  • Size

    562KB

  • Sample

    241126-fpnn4ssmbq

  • MD5

    9ff683e754ab8cc6d2c5f2745e650e22

  • SHA1

    d473712581653969d8f314dd11620bcfbcde3578

  • SHA256

    4e449fdff6df1acbaba9250bb8cb66e4674d49be190c0c9070ca3f5b8ee73435

  • SHA512

    e32c713cd0a3d1bb6663af371acb4d8ddaf74a2a3db868e79a2e5f622ddaaa90c16614da6a4ea40acd8d2ea6feddf36579a42734414889341e4a74a2d4a565c0

  • SSDEEP

    12288:k9pUim21V+JsmuWLWiuyaWfIrP08Xou6PWkOS23lVnUn1Nv/pmHRF1M38H:hG68lZePh

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1740221425:AAEOVM7H7MhKkyXcbjQXPID2QnxGYTTnqCY/sendMessage?chat_id=1482312326

Targets

    • Target

      9ff683e754ab8cc6d2c5f2745e650e22_JaffaCakes118

    • Size

      562KB

    • MD5

      9ff683e754ab8cc6d2c5f2745e650e22

    • SHA1

      d473712581653969d8f314dd11620bcfbcde3578

    • SHA256

      4e449fdff6df1acbaba9250bb8cb66e4674d49be190c0c9070ca3f5b8ee73435

    • SHA512

      e32c713cd0a3d1bb6663af371acb4d8ddaf74a2a3db868e79a2e5f622ddaaa90c16614da6a4ea40acd8d2ea6feddf36579a42734414889341e4a74a2d4a565c0

    • SSDEEP

      12288:k9pUim21V+JsmuWLWiuyaWfIrP08Xou6PWkOS23lVnUn1Nv/pmHRF1M38H:hG68lZePh

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks