General

Target: 132a2ba14ac1a95289b2aca07fd927d3_JaffaCakes118
Size: 453KB
Sample: 240328-3yjg3sca41
MD5: 132a2ba14ac1a95289b2aca07fd927d3
SHA1: 2f9f746afe1a54cd64e82b377bb6fd709f0ca399
SHA256: fe68d5e9330b1320caa01293c6abdc783d553571f3f0b9cc2a43685cc1f2f66b
SHA512: 10e283c94ae4d24064b6308c5e18faff8cef251a335eaa0e915da33ca4bb535f189dff9aff57cf7b9be8250868ad54e3545d0dd3ca03904bfb7d8cd7747435f9
SSDEEP: 6144:MmOkxN9livc2Oe82GIAM97jqpoYiAlO6DpCYVHed8nJ5ybxzKbBEtn47GTpsD8XE:O9qskO61Hm8nfIJEa/TpsIXNVKaXSB
Static task: static1

Behavioral task: behavioral1
Sample: 132a2ba14ac1a95289b2aca07fd927d3_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 132a2ba14ac1a95289b2aca07fd927d3_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted family: snakekeylogger
Protocol: smtp
Host: mail.faks-allied-health.com
Port: 587
Username: info@faks-allied-health.com
Password: $Faks1234
Email To: wealthmyson@yandex.com
Targets

Target: 132a2ba14ac1a95289b2aca07fd927d3_JaffaCakes118
Score: 10/10

Signatures:
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP (the report does not name which service).
- Suspicious use of SetThreadContext (an API commonly used to redirect execution in a suspended process, as in process hollowing or thread hijacking)
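The extracted SMTP configuration and the "external IP lookup" signature above are directly usable as detection content. The following is an added example, not part of the sandbox report or of any vendor tooling: it takes the SMTP host, port, sender address and recipient from the Malware Config section and runs them over constructed Zeek-style DNS, connection and SMTP records, then correlates an IP-lookup query with exfiltration-related activity from the same internal host. The list of IP-lookup hostnames is an assumption (the report says only that a legitimate lookup service was used), and all log lines are constructed for this example.

```python
"""Detection logic for the indicators in this report, run over sample logs.

Added example, not part of the sandbox report. SMTP_HOST, SMTP_PORT, SMTP_USER
and EXFIL_RECIPIENT are copied from the report's Malware Config section; the
log records below are constructed, and IP_LOOKUP_HOSTS is an assumption.
"""
from collections import defaultdict
from dataclasses import dataclass

# Indicators taken from the extracted Snake Keylogger config.
SMTP_HOST = "mail.faks-allied-health.com"
SMTP_PORT = 587
SMTP_USER = "info@faks-allied-health.com"
EXFIL_RECIPIENT = "wealthmyson@yandex.com"

# Assumed: services keyloggers commonly query for the victim's public IP.
# The report does not say which one this sample contacted.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ipinfo.io", "icanhazip.com"}


@dataclass(frozen=True)
class Alert:
    rule: str      # short rule name
    host: str      # internal source address that triggered it
    detail: str    # the matched field(s)


# Constructed Zeek-style records, tab separated.
# dns: ts, src, query
SAMPLE_DNS = [
    "1711600000.1\t10.0.0.15\tcheckip.dyndns.org",
    "1711600005.3\t10.0.0.15\tmail.faks-allied-health.com",
    "1711600010.0\t10.0.0.22\tcdn.example.net",
    "1711600012.0\t10.0.0.22\tapi.ipify.org",
]
# conn: ts, src, dst, dst_port, proto
SAMPLE_CONN = [
    "1711600006.0\t10.0.0.15\t203.0.113.10\t587\ttcp",
    "1711600011.0\t10.0.0.22\t198.51.100.7\t443\ttcp",
    "1711600020.0\t10.0.0.31\t203.0.113.10\t587\ttcp",
]
# smtp: ts, src, mailfrom, rcptto
SAMPLE_SMTP = [
    "1711600007.0\t10.0.0.15\tinfo@faks-allied-health.com\twealthmyson@yandex.com",
    "1711600030.0\t10.0.0.40\talice@corp.example\tbob@corp.example",
]


def scan_dns(lines):
    """Flag lookups of the C2 mail server and of external-IP services."""
    alerts = []
    for line in lines:
        _ts, src, query = line.split("\t")
        if query == SMTP_HOST:
            alerts.append(Alert("c2_dns_lookup", src, query))
        elif query in IP_LOOKUP_HOSTS:
            # Weak on its own: plenty of legitimate software does this.
            alerts.append(Alert("external_ip_lookup", src, query))
    return alerts


def scan_conn(lines, c2_hosts):
    """Flag submission-port (587) connections from hosts that resolved the C2 server."""
    alerts = []
    for line in lines:
        _ts, src, dst, dport, _proto = line.split("\t")
        if int(dport) == SMTP_PORT and src in c2_hosts:
            alerts.append(Alert("c2_smtp_connection", src, f"{dst}:{dport}"))
    return alerts


def scan_smtp(lines):
    """Flag mail sent with the stolen-config sender or to the exfil mailbox."""
    alerts = []
    for line in lines:
        _ts, src, mailfrom, rcptto = line.split("\t")
        if mailfrom == SMTP_USER or rcptto == EXFIL_RECIPIENT:
            alerts.append(Alert("snakekeylogger_exfil", src, f"{mailfrom} -> {rcptto}"))
    return alerts


def triage(dns=SAMPLE_DNS, conn=SAMPLE_CONN, smtp=SAMPLE_SMTP):
    """Run all rules and add a correlated alert for the IP-lookup-then-exfil chain."""
    alerts = scan_dns(dns)
    c2_hosts = {a.host for a in alerts if a.rule == "c2_dns_lookup"}
    alerts += scan_conn(conn, c2_hosts)
    alerts += scan_smtp(smtp)
    rules_by_host = defaultdict(set)
    for a in alerts:
        rules_by_host[a.host].add(a.rule)
    exfil_rules = {"c2_dns_lookup", "c2_smtp_connection", "snakekeylogger_exfil"}
    for host, rules in rules_by_host.items():
        if "external_ip_lookup" in rules and rules & exfil_rules:
            alerts.append(Alert("snakekeylogger_behaviour_chain", host, ",".join(sorted(rules))))
    return alerts


if __name__ == "__main__":
    for a in triage():
        print(f"{a.rule:32} {a.host:12} {a.detail}")
```

On the sample data, 10.0.0.15 produces the full chain (IP lookup, C2 DNS, port 587 connection, mail to the exfil recipient), 10.0.0.22 produces only the low-confidence IP-lookup alert, and 10.0.0.31's port 587 connection is ignored because that host never resolved the C2 server. Rotating the SMTP credentials and blocking the recipient are the obvious response actions; the password in the config is already burned once the sample is public.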