General
-
Target
a0f6b19b8180af5447fd87cd3d6300d5_JaffaCakes118
-
Size
631KB
-
Sample
241126-kspg2azpfq
-
MD5
a0f6b19b8180af5447fd87cd3d6300d5
-
SHA1
f15319bb87e9bc8df6cdfeded321de901f59ae63
-
SHA256
56514a9b670f4834c7f152c757a249c1f6295c9f51facd907aa8598d64554a8d
-
SHA512
0d428f2893ad9827c28af7d70058739af4338c19673baac3c069edd97ee0ad4f7e39d8fded2c4800239e21355eb0fe552adecd09035f69584a0aae83735f9031
-
SSDEEP
12288:Hl+62iNeHK7z/NBHopXfTxvhemCKlUoONxYcNpb93PR:HlB1bjNBHe7xvYmCC9Ix5z93
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.paminakids.com - Port:
587 - Username:
[email protected] - Password:
r1VwpMS)3v*t - Email To:
[email protected]
Targets
-
-
Target
a0f6b19b8180af5447fd87cd3d6300d5_JaffaCakes118
-
Size
631KB
-
MD5
a0f6b19b8180af5447fd87cd3d6300d5
-
SHA1
f15319bb87e9bc8df6cdfeded321de901f59ae63
-
SHA256
56514a9b670f4834c7f152c757a249c1f6295c9f51facd907aa8598d64554a8d
-
SHA512
0d428f2893ad9827c28af7d70058739af4338c19673baac3c069edd97ee0ad4f7e39d8fded2c4800239e21355eb0fe552adecd09035f69584a0aae83735f9031
-
SSDEEP
12288:Hl+62iNeHK7z/NBHopXfTxvhemCKlUoONxYcNpb93PR:HlB1bjNBHe7xvYmCC9Ix5z93
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Snakekeylogger family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-