General

  • Target

    e52aefae051cf2ccb0a5167f934fb962_JaffaCakes118

  • Size

    709KB

  • Sample

    241212-hhavsatlhx

  • MD5

    e52aefae051cf2ccb0a5167f934fb962

  • SHA1

    90b4a3591719e45bf10fcccab82071147811a996

  • SHA256

    d66e6332874f85b47e9d2aa3c2b27d91a4bd42546e7e0ed2ccaf3556bc8130aa

  • SHA512

    5b5f9301802c1c15aa07a21557697cf1f4eb2d471e2883e42874e7bcbe0228539fec022e2f17084d14e408c26429f4769a117f79dfc00fd994550d299fbfb174

  • SSDEEP

    12288:BcWfHK7zhBtrf+7XcY8EouJRJANGogetMMhT28RQNgEwJCElkM:lCFBtr1Y8EouJRJAGPqMwRQNg3I+kM

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      e52aefae051cf2ccb0a5167f934fb962_JaffaCakes118

    • Size

      709KB

    • MD5

      e52aefae051cf2ccb0a5167f934fb962

    • SHA1

      90b4a3591719e45bf10fcccab82071147811a996

    • SHA256

      d66e6332874f85b47e9d2aa3c2b27d91a4bd42546e7e0ed2ccaf3556bc8130aa

    • SHA512

      5b5f9301802c1c15aa07a21557697cf1f4eb2d471e2883e42874e7bcbe0228539fec022e2f17084d14e408c26429f4769a117f79dfc00fd994550d299fbfb174

    • SSDEEP

      12288:BcWfHK7zhBtrf+7XcY8EouJRJANGogetMMhT28RQNgEwJCElkM:lCFBtr1Y8EouJRJAGPqMwRQNg3I+kM

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks