General
-
Target
ee5e1eabbdb31b6191c744b77a1de93d_JaffaCakes118
-
Size
915KB
-
Sample
240411-z8gvfsgg4s
-
MD5
ee5e1eabbdb31b6191c744b77a1de93d
-
SHA1
8bccbae02b39c99584168067d7d515264d1ab9a5
-
SHA256
5f1b0d6fca306c6614607fb58b497f765a482b9500c1f82c1696504460b07cd8
-
SHA512
571fd6656ce39c4d11e6915038330da31b1c9863326e81d6df03adc02f5085db7c2544fe5e0730b41a569bbf29ecb477ae60c694c15ef9374bc1f5831ebdb7be
-
SSDEEP
12288:LPdsn7TdmXiJnd/fq2+FVuKM4f7yXLsCf:DKnfdRJ5q2KVmm+sc
Static task
static1
Behavioral task
behavioral1
Sample
ee5e1eabbdb31b6191c744b77a1de93d_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
ee5e1eabbdb31b6191c744b77a1de93d_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.sayimkalip.com - Port:
587 - Username:
[email protected] - Password:
3edcvfr4** - Email To:
[email protected]
https://api.telegram.org/bot1483662500:AAGrMuxJV05-It-ke-xXVV6-R6IAtETpJb0/sendMessage?chat_id=1300181783
Targets
-
-
Target
ee5e1eabbdb31b6191c744b77a1de93d_JaffaCakes118
-
Size
915KB
-
MD5
ee5e1eabbdb31b6191c744b77a1de93d
-
SHA1
8bccbae02b39c99584168067d7d515264d1ab9a5
-
SHA256
5f1b0d6fca306c6614607fb58b497f765a482b9500c1f82c1696504460b07cd8
-
SHA512
571fd6656ce39c4d11e6915038330da31b1c9863326e81d6df03adc02f5085db7c2544fe5e0730b41a569bbf29ecb477ae60c694c15ef9374bc1f5831ebdb7be
-
SSDEEP
12288:LPdsn7TdmXiJnd/fq2+FVuKM4f7yXLsCf:DKnfdRJ5q2KVmm+sc
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-