General
Target: 1152d04aafc683d5408838287483364d_JaffaCakes118
Size: 646KB
Sample: 240328-11g1xsae48
MD5: 1152d04aafc683d5408838287483364d
SHA1: 61c4ea03c225fe0124419614f16e3709f9ec4700
SHA256: 25449e29a38dc9c7b102b263b6c076a8b45ac2d2149c336ed9c885cd41905a8c
SHA512: f00003cbdf7b8131466f7b14426559af027a93d97020fb00572303f4600f285d8f1aeff9ccf1540d7255f5049ce56d285f70343b157c18567e75caaabbbe0208
SSDEEP: 12288:XB6jih7jqCKRGm8ec388qtZTKC/aJUxiAmN11K2:XB0o88B3PqtJ/aJPAmxK2
Static task: static1
Behavioral task: behavioral1
- Sample: 1152d04aafc683d5408838287483364d_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 1152d04aafc683d5408838287483364d_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
Behavioral task: behavioral3
- Sample: $PLUGINSDIR/System.dll
- Resource: win7-20240221-en
Behavioral task: behavioral4
- Sample: $PLUGINSDIR/System.dll
- Resource: win10v2004-20240226-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.oceanskylogistics.in
- Port: 587
- Username: export@oceanskylogistics.in
- Password: Oce@n@1234
- Email To: sameh.mohamed404@yandex.com
Targets
Target: 1152d04aafc683d5408838287483364d_JaffaCakes118
Size: 646KB
Score: 10/10
Signatures:
- Snake Keylogger payload
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: fccff8cb7a1067e23fd2e2b63971a8e1
SHA1: 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
SHA256: 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
SHA512: f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
SSDEEP: 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score: 3/10