General

Target: 05797ff2ac8848b85883d49bbf767302_JaffaCakes118
Size: 665KB
Sample: 240328-pkc69acc5y
MD5: 05797ff2ac8848b85883d49bbf767302
SHA1: 71c1c897156e4972d0aada0d931c769659a3ad46
SHA256: 906b67bed4e4a84b00c903595fd26ffd14888fcf53713127db6f1e5a38bc4455
SHA512: 4a33f793ee7cceb1a59abea9628d4a26d87d6f66ffee2742dba4c06a0b9aab521384423956521e9d527a9f5a671cdb64756a744b1845c92ca6a5aa4aa47568d0
SSDEEP: 12288:u58lLrxCHmRC+SoYv8g6L4mMuBd3X3uIIIkIxV0DT:uzqpY0NL4mPBd3X3B+
Static task: static1

Behavioral task: behavioral1
  Sample: 05797ff2ac8848b85883d49bbf767302_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 05797ff2ac8848b85883d49bbf767302_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config

Extracted family: snakekeylogger
  Protocol: smtp
  Host: budgetn.shop
  Port: 587
  Username: xianglee@budgetn.shop
  Password: rSJ9l_d%#+1Z
  Email To: xianglee@budgetn.shop
Targets

Target: 05797ff2ac8848b85883d49bbf767302_JaffaCakes118 (665KB; hashes identical to those listed under General above)
Score: 10/10

Signatures:
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext