General
-
Target
33e4de4d5814252ae336aca5c69c9ff7_JaffaCakes118
-
Size
537KB
-
Sample
240330-fbnf7aha6t
-
MD5
33e4de4d5814252ae336aca5c69c9ff7
-
SHA1
e9df6feccc66a7d9153f80472f10e4ac98407ee6
-
SHA256
e2a955f7b2bc03dde54a2197b69ad8078deec668a19b40abe42d563265a2e597
-
SHA512
73300c48939b0113b6fa75967b74aef7f17fade039588a376098bfcc44ace4b703073bbb46005223553c226c0989edbccd147efdda7253a1581431fee1abe17e
-
SSDEEP
12288:Kogc8I8Nnhv/ZO7Xc9ffX1dZhz4YBapC3U9+m50:Gncc9ffFdZtQ9v5
Static task
static1
Behavioral task
behavioral1
Sample
33e4de4d5814252ae336aca5c69c9ff7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
33e4de4d5814252ae336aca5c69c9ff7_JaffaCakes118.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.sacauto.co.za - Port:
587 - Username:
[email protected] - Password:
#R0797967613 - Email To:
[email protected]
Targets
-
-
Target
33e4de4d5814252ae336aca5c69c9ff7_JaffaCakes118
-
Size
537KB
-
MD5
33e4de4d5814252ae336aca5c69c9ff7
-
SHA1
e9df6feccc66a7d9153f80472f10e4ac98407ee6
-
SHA256
e2a955f7b2bc03dde54a2197b69ad8078deec668a19b40abe42d563265a2e597
-
SHA512
73300c48939b0113b6fa75967b74aef7f17fade039588a376098bfcc44ace4b703073bbb46005223553c226c0989edbccd147efdda7253a1581431fee1abe17e
-
SSDEEP
12288:Kogc8I8Nnhv/ZO7Xc9ffX1dZhz4YBapC3U9+m50:Gncc9ffFdZtQ9v5
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-