General
Target: ede7036c04a3377c1b2727a20f74db79_JaffaCakes118
Size: 1.0MB
Sample: 240411-vctrxsba6v
MD5: ede7036c04a3377c1b2727a20f74db79
SHA1: 5ffd3174e5db47926f0848bfc432fa0bdfc51851
SHA256: 66086168bb7bb777fc09db800e258e14a6da543e676fb0202737a73e9aec4539
SHA512: 9bce8d00dfbb9a44585742e8761c9dfa3c81b49d99ea81610e30181f3a9b54d386719cd459a2c44305c5025a45295eedf4ed12049b2792bf6ea8e570693c711e
SSDEEP: 24576:5o2A4d9yEHjOfOT3zD8IzPovpWQ/NJKaog:mbqjOmD38IzoxxJKlg
Static task: static1

Behavioral task: behavioral1
Sample: ede7036c04a3377c1b2727a20f74db79_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: ede7036c04a3377c1b2727a20f74db79_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: smtp.haohuatlre.com
Port: 587
Username: [email protected]
Password: babakings32
Email To: [email protected]
Targets
Target: ede7036c04a3377c1b2727a20f74db79_JaffaCakes118
Size: 1.0MB
MD5: ede7036c04a3377c1b2727a20f74db79
SHA1: 5ffd3174e5db47926f0848bfc432fa0bdfc51851
SHA256: 66086168bb7bb777fc09db800e258e14a6da543e676fb0202737a73e9aec4539
SHA512: 9bce8d00dfbb9a44585742e8761c9dfa3c81b49d99ea81610e30181f3a9b54d386719cd459a2c44305c5025a45295eedf4ed12049b2792bf6ea8e570693c711e
SSDEEP: 24576:5o2A4d9yEHjOfOT3zD8IzPovpWQ/NJKaog:mbqjOmD38IzoxxJKlg
Score: 10/10

Signatures
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext