General

Target: 180c8459939df2d34157a325540d74d3_JaffaCakes118
Size: 451KB
Sample: 240329-eqzx4aaa44
MD5: 180c8459939df2d34157a325540d74d3
SHA1: 847121817a36aeab9289ef0538fc5da216d0a9a6
SHA256: af878a79ddc96eb0a8db75ee921c83933f7ff30191c219d5e90a965b0918f137
SHA512: e72d228a6ceb1f929a60cd75bd23ed90a3af31874ef3cef760d49f6baa49b2211f72b7637b80fa274f898acc10a8a6131e76ab017152d72cae0d0e4c82f05532
SSDEEP: 12288:dXSBhKnb48YDrgvMJObqk2PNNmedg4P8dHFK:EBhKnk8jh291HV8a
Static task: static1

Behavioral task: behavioral1
Sample: 180c8459939df2d34157a325540d74d3_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 180c8459939df2d34157a325540d74d3_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.faks-allied-health.com
Port: 587
Username: [email protected]
Password: $Faks1234
Email To: [email protected]
Targets

Target: 180c8459939df2d34157a325540d74d3_JaffaCakes118
Score: 10/10

- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext