General
-
Target
ee88c9b476f721af2571cf310dd98a59_JaffaCakes118
-
Size
973KB
-
Sample
240411-2wzkvabb6x
-
MD5
ee88c9b476f721af2571cf310dd98a59
-
SHA1
2ed6cd70e7049e2eb1c8b8ecd0af4e96639fe8e0
-
SHA256
665036f55a5222fab9b1d65f0cd2ba2363a1490db114c5a9bf2e0f230f1d0f7f
-
SHA512
d0c6b5dea0fbcf7571c4513f427977981417b2a8a6108117ba0f7b23e607ab04f8546190edd5e6c4abe1f452e260f36dc8ceac4c508c8b021f43f76462894989
-
SSDEEP
24576:zhFfgQH5u5/d36K64JCaaUWHDD0PWNwo:zhFj/K64Jpojl2o
Static task
static1
Behavioral task
behavioral1
Sample
ee88c9b476f721af2571cf310dd98a59_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ee88c9b476f721af2571cf310dd98a59_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.fireacoustics.com - Port:
587 - Username:
[email protected] - Password:
_d:rzD~62Jxh - Email To:
[email protected]
Targets
-
-
Target
ee88c9b476f721af2571cf310dd98a59_JaffaCakes118
-
Size
973KB
-
MD5
ee88c9b476f721af2571cf310dd98a59
-
SHA1
2ed6cd70e7049e2eb1c8b8ecd0af4e96639fe8e0
-
SHA256
665036f55a5222fab9b1d65f0cd2ba2363a1490db114c5a9bf2e0f230f1d0f7f
-
SHA512
d0c6b5dea0fbcf7571c4513f427977981417b2a8a6108117ba0f7b23e607ab04f8546190edd5e6c4abe1f452e260f36dc8ceac4c508c8b021f43f76462894989
-
SSDEEP
24576:zhFfgQH5u5/d36K64JCaaUWHDD0PWNwo:zhFj/K64Jpojl2o
Score10/10-
Snake Keylogger payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-