General
-
Target
bd4b3301fd70c460bf4a810f365997ce_JaffaCakes118
-
Size
790KB
-
Sample
241203-n6l6lszlfm
-
MD5
bd4b3301fd70c460bf4a810f365997ce
-
SHA1
51cb819929057cc35ab3d8442a39a6212f5c7baa
-
SHA256
4a5638fc9de5e56aea49d9b4a552a6b00620b9a801a23c4273c966b461247114
-
SHA512
3a5506952065a89710a5fd7d5fd22eeea124540c740eca9fa62bf4cfceaea38a6f98c1af2b70b4effa6fd59d99a0c8e058cb4d767c1855c0ac0324b25eeef38d
-
SSDEEP
12288:K1tY1TCTVwiiAHK7z8M28OF/mwC9PoxvNZvv4Z2GbbMCm3KbU3:GtPhwii3AL8OlIoVNZvv4Zj/MCTU3
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.zeeneh.ps - Port:
587 - Username:
[email protected] - Password:
8cqiru81wg - Email To:
[email protected]
Targets
-
-
Target
bd4b3301fd70c460bf4a810f365997ce_JaffaCakes118
-
Size
790KB
-
MD5
bd4b3301fd70c460bf4a810f365997ce
-
SHA1
51cb819929057cc35ab3d8442a39a6212f5c7baa
-
SHA256
4a5638fc9de5e56aea49d9b4a552a6b00620b9a801a23c4273c966b461247114
-
SHA512
3a5506952065a89710a5fd7d5fd22eeea124540c740eca9fa62bf4cfceaea38a6f98c1af2b70b4effa6fd59d99a0c8e058cb4d767c1855c0ac0324b25eeef38d
-
SSDEEP
12288:K1tY1TCTVwiiAHK7z8M28OF/mwC9PoxvNZvv4Z2GbbMCm3KbU3:GtPhwii3AL8OlIoVNZvv4Zj/MCTU3
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Snakekeylogger family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-