General
-
Target
0b28fcec6aa92f1f82d76d4872608462_JaffaCakes118
-
Size
1.2MB
-
Sample
240624-24qmxazgln
-
MD5
0b28fcec6aa92f1f82d76d4872608462
-
SHA1
7f52fdba06bcce76a0630a33d55e6e04c4e6e438
-
SHA256
691cadca061e29068534972b98fb0a23ab002241eda53bf756ac21fb83b51a63
-
SHA512
c0f8cd9bd43ca2c0fa8e7b66844461ebf0dc5f8698259063d029462eb70ab920501f7c5ec1e54502742c5917553d44880101f236565c05d765c4b0fac3882340
-
SSDEEP
12288:FlxhGT/f7DSvWN1JuigLYVlaf+dhKeVnVBAzzZvwKD3ZvEVhpfNcNCHFb/LE:FAzHSvi7AYaf+dk+gzFopuC9LE
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
server51.web-hosting.com - Port:
587 - Username:
[email protected] - Password:
Bb%RC~tLQ?4V
Targets
-
-
Target
0b28fcec6aa92f1f82d76d4872608462_JaffaCakes118
-
Size
1.2MB
-
MD5
0b28fcec6aa92f1f82d76d4872608462
-
SHA1
7f52fdba06bcce76a0630a33d55e6e04c4e6e438
-
SHA256
691cadca061e29068534972b98fb0a23ab002241eda53bf756ac21fb83b51a63
-
SHA512
c0f8cd9bd43ca2c0fa8e7b66844461ebf0dc5f8698259063d029462eb70ab920501f7c5ec1e54502742c5917553d44880101f236565c05d765c4b0fac3882340
-
SSDEEP
12288:FlxhGT/f7DSvWN1JuigLYVlaf+dhKeVnVBAzzZvwKD3ZvEVhpfNcNCHFb/LE:FAzHSvi7AYaf+dk+gzFopuC9LE
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-