General

  • Target

    JaffaCakes118_3a6312d7bf1d98f606ae08c89469c2f485856f0bb0dd88ba796af03b969ec995

  • Size

    45KB

  • Sample

    241224-rnlznsyrgt

  • MD5

    75a3cead93a483c5a01e6bc451e9da04

  • SHA1

    7049bafdb43b0f01cece393e7aee6be88ca5bcc6

  • SHA256

    3a6312d7bf1d98f606ae08c89469c2f485856f0bb0dd88ba796af03b969ec995

  • SHA512

    d29eecb292d4e0436bba2fcc0ab2d5aa64dcb5202dc4ca4cd9dfd7050a6e21800e80627dfc60713d7bc07d57489e3ab1be6ab966133af2551189f468f15446e7

  • SSDEEP

    768:WAT1PdetItxuVKY8g9KQmNYwG1wmHI8BwWKScp6Gi8yCd9/35EbsA90qkZDPRMv1:WAT1OIHuVaEmdTmoTWKScpbi8yC/v5Eb

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      7943a35a82cdeeedd3d1271bf449fa554665ff38fc07b17a5067385e1ed0724c.exe

    • Size

      152KB

    • MD5

      1f662c1f7634ab807e2f4d2f368cfa8d

    • SHA1

      abc5d11cce23916872a469d8711d8c3c2f11256a

    • SHA256

      7943a35a82cdeeedd3d1271bf449fa554665ff38fc07b17a5067385e1ed0724c

    • SHA512

      0cc94bf6478aa4d154890a34b091a5e0aa3774a0cca37d0ecf8dc887211b4936777539a1672d4f703cef421173bf57a56f68f05db4f8d0cdf71d93c0a67d91f7

    • SSDEEP

      1536:pi6sFUWsvTZUv81g3HV7uzabrkNOb/U+WG8DpiOWBNbF0Kcl:pi68VsVUv81g3Hb4Ob8LRtwBNbFbY

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks