General
-
Target
JaffaCakes118_bed4a226f15973889e2b2d7b22139ae7da36ca8cf294ee6dadcf5fa745718675
-
Size
45KB
-
Sample
241224-k2ghsatla1
-
MD5
e619bf43bb7e37fffcb9e1703cc07239
-
SHA1
517cc95ec79740224e89c3e801d2b53ad43c0f24
-
SHA256
bed4a226f15973889e2b2d7b22139ae7da36ca8cf294ee6dadcf5fa745718675
-
SHA512
d574e6cccdc3e248a60d3609b560470f6820209d62568e29d21a17d8fd0e55cc9d1e3a4271b66431f01bf669871c469abf63aca6b0b303d4203480b3c14d56e1
-
SSDEEP
768:b1H9TT4JS7mby2fgJIvPSAz/zIAHQktHf/1oBPf2UqUobAgc2HRwCM2REHdZ3+mU:xdTGbYRAnIAHQ2Hf9oBf2ZbAcHGCM2ew
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Targets
-
-
Target
2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f.exe
-
Size
126KB
-
MD5
516257bdbaf5dc222f54f5d6f6bfa153
-
SHA1
f7514a847c0f1b73449feae50ddeda030b34c682
-
SHA256
2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f
-
SHA512
0f2bc4e908533d571bc47f3340106ad1510c98779ddf205e142838eedcaa9bb2c96c17730fda82f3ce7e11b6a27e75b0f72d98204c18517990f5b3df6213d900
-
SSDEEP
1536:qp0H7isrKDzOfOpU3HXnEKD9nqNb/UWK7ioPtvWm8MBpiOWBh3F0Kcl:qp0HOsmHOfOpU3HXXWb8nTBzwBh3FbY
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Snakekeylogger family
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-