Extracted

• • Target

    JaffaCakes118_04e742e24ad87def9fde98879d33500bd07f799380e891d20d57a9c6395cdc16

  • Size

    152KB

  • MD5

    3cae608ed347184a6c2b9fbeb5c3736c

  • SHA1

    c76bf032bba4d7018b8aa3b42acc0ce07cac552b

  • SHA256

    04e742e24ad87def9fde98879d33500bd07f799380e891d20d57a9c6395cdc16

  • SHA512

    f4e22488dc2e5055d44d13919873d305496639570baa29dd577696f6f9913a3fd2d285a5922e1dbbaa9fd75a42f6ec9383440fcd51ee53814b4885602227fb63

  • SSDEEP

    3072:0FlAi/s+PkZu0eLTJ0LFvb81rzwBlhFbY:Avpx0LFvbkOfb

  Score

  10^/10

  snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger

  • Snake Keylogger payload

  • Snakekeylogger family

    snakekeylogger

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2