General
Target: ee25b1225a52eafe7372428a594340f8_JaffaCakes118
Size: 816KB
Sample: 240411-xx6y4aae34
MD5: ee25b1225a52eafe7372428a594340f8
SHA1: 4bfab22ac273aac2cbf6d717801ed2e87229455a
SHA256: d6a2034896663201dd14b744d20d2355bdcaca18fe623343657fee19053c9468
SHA512: f4240a892ad6937108bc0acd3069e5146988e4f9265030fcbe533d11e881a623d8e3553bc70664b608ef88c3c53a22adc52176e9c55dbd10810de6cf9cf2a69d
SSDEEP: 12288:0CBv0jCzjt73+scfo5vZSjs0z8pGDLLl2K7t7bXTIR:ACz1Oscg5vZS1z8pGx7tr
Static task: static1

Behavioral task: behavioral1
Sample: ee25b1225a52eafe7372428a594340f8_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: ee25b1225a52eafe7372428a594340f8_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: mail.almenhalidxb.com
Port: 26
Username: mzsukri@almenhalidxb.com
Password: Nimdavirus@7404
Email To: mzsukri@almenhalidxb.com
Targets
Target: ee25b1225a52eafe7372428a594340f8_JaffaCakes118
Size: 816KB
MD5: ee25b1225a52eafe7372428a594340f8
SHA1: 4bfab22ac273aac2cbf6d717801ed2e87229455a
SHA256: d6a2034896663201dd14b744d20d2355bdcaca18fe623343657fee19053c9468
SHA512: f4240a892ad6937108bc0acd3069e5146988e4f9265030fcbe533d11e881a623d8e3553bc70664b608ef88c3c53a22adc52176e9c55dbd10810de6cf9cf2a69d
SSDEEP: 12288:0CBv0jCzjt73+scfo5vZSjs0z8pGDLLl2K7t7bXTIR:ACz1Oscg5vZS1z8pGx7tr
Score: 10/10

Signatures
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext