General
-
Target
ec64f366ab9e10a8a8c9dc79c823991c_JaffaCakes118
-
Size
667KB
-
Sample
240411-bvvbmage98
-
MD5
ec64f366ab9e10a8a8c9dc79c823991c
-
SHA1
8522715a309a6d5e9509a8d8f908d6b124443ba0
-
SHA256
c3008abf22d410317c895576bfd4a26663ac4a3dddd8b3319b96d58f43402e07
-
SHA512
57532f3b33479365f1a313bebe0863c671b487c9b8ecf290605de28ce55394a7db6751add5e4143041bdeec3ec986e78440a5cef456eaee90a420dc58c301e77
-
SSDEEP
12288:AQ/qahkCulerrsGpiAjFHXLs4U/vXF8XImfQzlXB0q32w77VUjTAoSC1:7/qCk7vGzF37U/vVcfUNmwlU3
Static task
static1
Behavioral task
behavioral1
Sample
ec64f366ab9e10a8a8c9dc79c823991c_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
ec64f366ab9e10a8a8c9dc79c823991c_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
bh-16.webhostbox.net - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Targets
-
-
Target
ec64f366ab9e10a8a8c9dc79c823991c_JaffaCakes118
-
Size
667KB
-
MD5
ec64f366ab9e10a8a8c9dc79c823991c
-
SHA1
8522715a309a6d5e9509a8d8f908d6b124443ba0
-
SHA256
c3008abf22d410317c895576bfd4a26663ac4a3dddd8b3319b96d58f43402e07
-
SHA512
57532f3b33479365f1a313bebe0863c671b487c9b8ecf290605de28ce55394a7db6751add5e4143041bdeec3ec986e78440a5cef456eaee90a420dc58c301e77
-
SSDEEP
12288:AQ/qahkCulerrsGpiAjFHXLs4U/vXF8XImfQzlXB0q32w77VUjTAoSC1:7/qCk7vGzF37U/vVcfUNmwlU3
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-