Extracted

• • Target

    a4f4ace29081f66063d5a8c61739dcb4_JaffaCakes118

  • Size

    1.1MB

  • MD5

    a4f4ace29081f66063d5a8c61739dcb4

  • SHA1

    7ff750b4f4e21d265f28836bd28dc691d3e53125

  • SHA256

    7ea9b98bca8ca5e1b8c7c850202d609181d645462ce39d16a920e25f12ad5b81

  • SHA512

    29fb5ffbd5b89c6f4e4a0751b2562ab57de312f9fb58777efa4a67e93aa29979d6318bddfca2bcfbd81fdbc71bc67221521de432a77519615ad44f56eff7e187

  • SSDEEP

    12288:kPZSZWEL1QAEomSpnr6rMRw2stLNDnuSmfWCE27/Jyirzl3TqcNy3R61R:khSZWEL1DZZQMRFKDnu7W927hrzl

  Score

  10^/10

  discoverysnakekeyloggercollectioncredential_accesskeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snakekeylogger family

    snakekeylogger

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2