General
-
Target
191d466924dc927d3e6cd3904ac720a3_JaffaCakes118
-
Size
1.8MB
-
Sample
240628-g757jsvhnb
-
MD5
191d466924dc927d3e6cd3904ac720a3
-
SHA1
3cf9319d8e5ffea2f322b18db6ead4990645cdef
-
SHA256
3e62425b0984690c6cc82b7014acf52abe17039966cd6560a10fad090cd22732
-
SHA512
a17c8306e9906766ca5f01d1ddeeef5b33f50193657ba800ae32604651798a2ce09cdc76a5311341d727eae3c5a7bbcafbde979379b75ef513f3c188dc1bcdf3
-
SSDEEP
12288:OmmWpzZDRj6jRPLjRPqjBjjyjBjBjBjBjLjuY1amldaailF/d85+BpNij60ToZUh:M1aAOFJT26IEIXj450RRe9cV
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot1634002210:AAGipukUEr-bNBgl2R1_hwFgfb9ez_v6wzE/sendMessage?chat_id=1401219117
Targets
-
-
Target
SHIPPING DOCUMENTS.exe
-
Size
1.2MB
-
MD5
1061052e6af2a0c5b93bd3208b799b53
-
SHA1
ae2717741a67a667810bc1acd0d2410fb3f123c7
-
SHA256
dd52c7558bea0e028364a138ed99a13962d0d8ac14c5c17b8645741ac82792bb
-
SHA512
53719347af2891281e8152538d700d03f1fe1f8226ad336a2be6d0da6d09c85aaa3c281a59465ea29c5a6e1d87729bd814a15e390e7bc2b19edb95f5aa0913ee
-
SSDEEP
12288:mmmWpzZDRj6jRPLjRPqjBjjyjBjBjBjBjLjuY1amldaailF/d85+BpNij60ToZUh:E1aAOFJT26IEIXj450RRe9cV
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-