General
-
Target
ed8ac123e16f157b24c8a480c78d744a_JaffaCakes118
-
Size
1.1MB
-
Sample
240411-qtypzscd86
-
MD5
ed8ac123e16f157b24c8a480c78d744a
-
SHA1
bae7e0e59206ef554deb79c10875edacc0f464d4
-
SHA256
f2ee4a2a477e5ab69949d331617c5727319c622012a7469f7308716e8ace5a96
-
SHA512
07f8b18810512745fd2613756536ec391ea797883eb0762abb42254a1ea82bc567ba81efb81898677b3d89cd00ef8140f932cc952c0c4ee2aa64d469984f3c67
-
SSDEEP
24576:URyTcvf25/d3e64JaSZTDgYCFqwYVxBGX:URyTG64JaQLNZGX
Static task
static1
Behavioral task
behavioral1
Sample
ed8ac123e16f157b24c8a480c78d744a_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
ed8ac123e16f157b24c8a480c78d744a_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.trellaborg.com - Port:
587 - Username:
[email protected] - Password:
p4+vh#8Puf*N - Email To:
[email protected]
Targets
-
-
Target
ed8ac123e16f157b24c8a480c78d744a_JaffaCakes118
-
Size
1.1MB
-
MD5
ed8ac123e16f157b24c8a480c78d744a
-
SHA1
bae7e0e59206ef554deb79c10875edacc0f464d4
-
SHA256
f2ee4a2a477e5ab69949d331617c5727319c622012a7469f7308716e8ace5a96
-
SHA512
07f8b18810512745fd2613756536ec391ea797883eb0762abb42254a1ea82bc567ba81efb81898677b3d89cd00ef8140f932cc952c0c4ee2aa64d469984f3c67
-
SSDEEP
24576:URyTcvf25/d3e64JaSZTDgYCFqwYVxBGX:URyTG64JaQLNZGX
Score10/10-
Snake Keylogger payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-