General
Target: 02fd8bf0a63bef700772a26b668f5f6e_JaffaCakes118
Size: 861KB
Sample: 240328-mavx7sga55
MD5: 02fd8bf0a63bef700772a26b668f5f6e
SHA1: 70cd8037604370346df9192e2e02c2a699137079
SHA256: e420e3e9215aff5e36305d36bb261796a02468fdba91d148e484b450c7ba3e86
SHA512: 6597a18aa86901d36b1fb2097704377c24169326554139e7230f2c0e0acea534429b3d07409f25c1366f2716cd5dbfc4cee2417058453a3afb7b05d1a912eb4d
SSDEEP: 12288:2fVJVlDtFpC0mNuiptqb24pwS+hvqkq3vIQRukzjHhUyL6Rw13z71HQrXwTeg8AC:OJVl80m08+wSoqkq3v
Static task: static1
Behavioral task: behavioral1
Sample: 02fd8bf0a63bef700772a26b668f5f6e_JaffaCakes118.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 02fd8bf0a63bef700772a26b668f5f6e_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: smtp.liuxnett.com
Port: 587
Username: restorelogs@liuxnett.com
Password: ?54aMnD_trv}
These are the SMTP settings the stealer uses to mail stolen data to the attacker-controlled mailbox. Port 587 is the mail submission port, so the session will normally negotiate STARTTLS before AUTH; the host and account are usable as network IOCs, and the credential pair is what to hand to the mail provider's abuse contact.
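As an added example (not part of the sandbox report and not the sample's own code), the following Python turns the extracted config above into network detections and runs them over a few constructed Zeek-style key=value log records. The IP-lookup hostnames are an assumption: the report only says a legitimate web service was used, so the set would be tuned to what the environment actually sees. The mailbox password is deliberately not used; host, port and account are enough to catch the traffic, and the credential belongs in an abuse report rather than in a rule.

```python
"""Turn the extracted Snake Keylogger SMTP config into network detections and
run them over a handful of constructed log lines."""
from dataclasses import dataclass

# Copied from the sandbox report's "Malware Config" block (the mailbox
# password is intentionally left out: it is not needed to detect the traffic).
EXTRACTED_CONFIG = {
    "family": "snakekeylogger",
    "protocol": "smtp",
    "host": "smtp.liuxnett.com",
    "port": 587,
    "username": "restorelogs@liuxnett.com",
}

# Assumption: the report only says "a legitimate IP lookup service"; these
# are common ones and would be tuned to what the environment actually sees.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ipinfo.io", "icanhazip.com"}


@dataclass(frozen=True)
class Hit:
    line_no: int   # 1-based index into the scanned log
    src: str       # id.orig_h of the internal host
    rule: str
    evidence: str


# Constructed, Zeek-flavoured key=value records (dns/http/smtp) for the demo.
SAMPLE_LOGS = [
    "ts=1711622400.1 log=dns id.orig_h=10.0.0.5 query=checkip.dyndns.org",
    "ts=1711622400.3 log=http id.orig_h=10.0.0.5 id.resp_p=80 host=checkip.dyndns.org uri=/",
    "ts=1711622401.0 log=dns id.orig_h=10.0.0.5 query=smtp.liuxnett.com",
    "ts=1711622401.2 log=smtp id.orig_h=10.0.0.5 id.resp_p=587 mailfrom=restorelogs@liuxnett.com rcptto=restorelogs@liuxnett.com",
    "ts=1711622402.0 log=dns id.orig_h=10.0.0.9 query=smtp.office365.com",
    "ts=1711622402.4 log=smtp id.orig_h=10.0.0.9 id.resp_p=587 mailfrom=alice@example.com rcptto=bob@example.com",
    "ts=1711622403.0 log=http id.orig_h=10.0.0.12 id.resp_p=443 host=ipinfo.io uri=/json",
]


def parse_kv(line: str) -> dict:
    """Split 'k=v k=v ...' into a dict; values in these records never contain spaces."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def match_record(rec: dict, cfg: dict = EXTRACTED_CONFIG):
    """Yield (rule, evidence) pairs for one parsed record."""
    kind = rec.get("log")
    if kind == "dns":
        query = rec.get("query", "").lower()
        if query == cfg["host"]:
            yield "c2_dns", query
        if query in IP_LOOKUP_HOSTS:
            yield "ip_lookup", query
    elif kind == "http":
        host = rec.get("host", "").lower()
        if host in IP_LOOKUP_HOSTS:
            yield "ip_lookup", host
    elif kind == "smtp":
        addrs = {rec.get("mailfrom", "").lower(), rec.get("rcptto", "").lower()}
        # Submission on the configured port with the exfil mailbox on either side.
        if rec.get("id.resp_p") == str(cfg["port"]) and cfg["username"] in addrs:
            yield "c2_smtp_submission", " -> ".join(sorted(addrs))


def detect(lines) -> list:
    """Scan log lines and return every rule hit with its source host."""
    hits = []
    for n, line in enumerate(lines, start=1):
        rec = parse_kv(line)
        for rule, evidence in match_record(rec):
            hits.append(Hit(n, rec.get("id.orig_h", "?"), rule, evidence))
    return hits


def rules_by_host(hits) -> dict:
    """Map each internal source host to the set of rules it triggered."""
    out = {}
    for h in hits:
        out.setdefault(h.src, set()).add(h.rule)
    return out


def compromised_hosts(hits, min_rules: int = 2) -> list:
    """Hosts that tripped at least min_rules distinct rules: an IP lookup alone
    is noisy, but IP lookup plus contact with the exfil mailbox is the
    keylogger's full pattern."""
    return sorted(h for h, r in rules_by_host(hits).items() if len(r) >= min_rules)


if __name__ == "__main__":
    hits = detect(SAMPLE_LOGS)
    for h in hits:
        print(f"line {h.line_no} {h.src} {h.rule}: {h.evidence}")
    print("likely infected:", compromised_hosts(hits))
```

Run stand-alone it prints the five hits and flags 10.0.0.5, the only host that both queried an IP-lookup service and talked to the exfil mailbox; 10.0.0.12 only did the lookup and is left for triage.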
Targets
Target: 02fd8bf0a63bef700772a26b668f5f6e_JaffaCakes118
Score: 10/10
Signatures:
- CustAttr .NET packer: detects the CustAttr .NET packer in memory, so the real .NET payload is only present after unpacking at runtime and a memory dump is the place to extract strings and config from.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence so the sample can refuse to run in certain countries.
- Accesses Microsoft Outlook profiles: reads Outlook profile data from the registry, where saved mail account credentials are stored; this is credential theft and fits the Snake Keylogger family identified above.
- Looks up external IP address via web service: uses a legitimate IP lookup service to learn the infected system's external IP, which stealers include in the data they exfiltrate.
- Suspicious use of SetThreadContext: overwriting a thread's context is the step in process hollowing and similar injection that redirects a suspended thread to injected code, so the payload may run inside another process rather than the dropped executable.