General

  • Target

    ee3071fbf7d91381442734c6145a11fa_JaffaCakes118

  • Size

    710KB

  • Sample

    241214-lwjlmaznbm

  • MD5

    ee3071fbf7d91381442734c6145a11fa

  • SHA1

    ba0a843115aa24d3ea4734f9329d5b19ed435c20

  • SHA256

    4ac9b6a9a2e4787dcf2f85ac31200933d3e3a01b9a0410c13ffc46277a1d3a16

  • SHA512

    ad496a7b34ab9d842fa04069b051030ed840cd4b33fbf23aa09babaab9f34a5593e32b0a224c038f9d8ab17f1c61f611fb777b54cf9fc36ce060274e520dd936

  • SSDEEP

    12288:+HauZjuFWsGB55UXkktw4mMz0VLmkeSsqqYvz+q84n86oAH5cC0oQJ0VU5V6fJKT:kZjNhuXkWwxMwDenWz+28mHSUUP6fJKT

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      ee3071fbf7d91381442734c6145a11fa_JaffaCakes118

    • Size

      710KB

    • MD5

      ee3071fbf7d91381442734c6145a11fa

    • SHA1

      ba0a843115aa24d3ea4734f9329d5b19ed435c20

    • SHA256

      4ac9b6a9a2e4787dcf2f85ac31200933d3e3a01b9a0410c13ffc46277a1d3a16

    • SHA512

      ad496a7b34ab9d842fa04069b051030ed840cd4b33fbf23aa09babaab9f34a5593e32b0a224c038f9d8ab17f1c61f611fb777b54cf9fc36ce060274e520dd936

    • SSDEEP

      12288:+HauZjuFWsGB55UXkktw4mMz0VLmkeSsqqYvz+q84n86oAH5cC0oQJ0VU5V6fJKT:kZjNhuXkWwxMwDenWz+28mHSUUP6fJKT

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks