General
Target: 2fbd15a6d2007c2c438c181e952ef389_JaffaCakes118
Size: 329KB
Sample: 240330-baeensdc8y
MD5: 2fbd15a6d2007c2c438c181e952ef389
SHA1: fc0f939e922d18a13c67c7957dd84b486472a82e
SHA256: 359aca28cbb86b8055202dd1fe9cc037e16d8863f979e0dd92f2e74056f467f1
SHA512: 55ca8374cd971cef30cec5ceb2835112c3b6406038f20cd72373ff74919214722a4988dbca9d6e170b1e7e49d13a8ea4208c9bdbebd16901ace5afe0025e5a9c
SSDEEP: 3072:XQO8S+DcOgCOgCOgmh2eScGKiFzOT2G+NgdVqeVZflzbPLSKR6nyTUgTjQlO+ZhD:AXBuFpGpdVxZ9vTYnDhOVKOfVyamY

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 2fbd15a6d2007c2c438c181e952ef389_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2fbd15a6d2007c2c438c181e952ef389_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: iwRaBVG6
Email To: [email protected]
Telegram: https://api.telegram.org/bot2043981125:AAGaa5K6uc5rV5LARENbXhpoD0InPrKgKJI/sendMessage?chat_id=2062013058
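The extracted config is the part of this report a responder actually acts on: an SMTP exfiltration account and a Telegram bot used as a second channel. The script below is an added example, not part of the sandbox report, that turns the flattened "Key: value - Key: value" run shown above into structured indicators. The input string is copied from the page as it stands (the e-mail addresses are obfuscated on the page and are left that way); the field names come from the page, and the split of the Telegram URL into `bot<id>:<secret>` follows the public Bot API URL layout, not anything the report states.

```python
"""Parse the flattened Snake Keylogger config block into structured IOCs.

Added example for this report, not sandbox code. The input is copied from
the report's Malware Config section; e-mail addresses are obfuscated on the
page and are kept exactly as shown.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed input: the config run exactly as the page flattens it,
# "Key: value - Key: value", with the Telegram URL on its own line.
CONFIG_TEXT = """\
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
iwRaBVG6 - Email To:
[email protected]
https://api.telegram.org/bot2043981125:AAGaa5K6uc5rV5LARENbXhpoD0InPrKgKJI/sendMessage?chat_id=2062013058
"""

# Field labels as they appear on the page; "Email To" contains a space.
SMTP_FIELDS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")


def parse_config(text):
    """Split the 'Key: value - Key: value' run into a dict; URLs are kept under 'urls'."""
    # The Telegram URL sits after the SMTP run, separated by whitespace.
    smtp_part, *urls = re.split(r"\s+(?=https?://)", text.strip())
    cfg = {}
    # Each value is terminated by " - NextKey:"; split only on that separator so
    # values containing '-' or ':' are not cut.
    separator = r"\s*-\s*(?=(?:%s):)" % "|".join(SMTP_FIELDS)
    for chunk in re.split(separator, smtp_part):
        key, _, value = chunk.partition(":")
        cfg[key.strip()] = value.strip()
    cfg["urls"] = urls
    return cfg


def parse_telegram(url):
    """Pull bot id, token, method and chat id out of a Bot API URL, or None if it is not one."""
    u = urlsplit(url)
    m = re.fullmatch(r"/bot(\d+):([A-Za-z0-9_-]+)/(\w+)", u.path)
    if u.hostname != "api.telegram.org" or m is None:
        return None
    bot_id, secret, method = m.groups()
    return {
        "bot_id": bot_id,
        "bot_token": bot_id + ":" + secret,  # the credential to report/revoke
        "method": method,
        "chat_id": parse_qs(u.query).get("chat_id", [None])[0],
    }


def extract_iocs(text):
    """Normalize the config into the indicators a responder would block or hunt for."""
    cfg = parse_config(text)
    iocs = {
        "smtp_host": cfg["Host"],
        "smtp_port": int(cfg["Port"]),
        "smtp_user": cfg["Username"],
        "exfil_recipient": cfg["Email To"],
        "telegram": [t for t in map(parse_telegram, cfg["urls"]) if t],
    }
    # Hostnames to look for in DNS/proxy logs (the Telegram one is the API host).
    iocs["hosts"] = sorted({cfg["Host"], *(urlsplit(u).hostname for u in cfg["urls"])})
    return iocs


if __name__ == "__main__":
    import json
    print(json.dumps(extract_iocs(CONFIG_TEXT), indent=2))
```

The SMTP credentials and the bot token are the attacker's own credentials, not something to log in with: use them as indicators (outbound connections to the SMTP host on port 587 from endpoints that have no business sending mail, or to api.telegram.org from a non-browser process) and hand the token and mailbox to the respective abuse contacts.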
Targets
Target: 2fbd15a6d2007c2c438c181e952ef389_JaffaCakes118 (the same file as under General; size and hashes are identical)
Score: 10/10
Signatures
- Snake Keylogger payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check that decides whether the sample runs on this machine.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, which is typically included in the exfiltrated report.
- Suspicious use of SetThreadContext
  Setting another thread's context is the step that completes process hollowing (RunPE-style) injection: the loader starts a process suspended, writes the payload into it, points the thread at the payload's entry point with SetThreadContext and resumes it. Together with the extracted config, this is consistent with the keylogger being unpacked into a second process rather than run directly from the 329KB file.