General
-
Target
ef7c473221c4ab4a50a89a3ac440cfcb_JaffaCakes118
-
Size
524KB
-
Sample
240414-zp1s8add24
-
MD5
ef7c473221c4ab4a50a89a3ac440cfcb
-
SHA1
cb0c43f78c15ca4647630b66c1e99717c3901a86
-
SHA256
d01f8fc17997730628aa3af35b790defbdacd7a81a3f0166252a30a804a52d20
-
SHA512
c1b2324423f888924e0aaed71d46971106d1bf559716dd951577453d7d7d8a1847053aaac70fa1f687b58fb8ac143afc935c796789eab78a63834f60b2978359
-
SSDEEP
12288:GF+dDdy0WgAfMW2O+ISH+2f+PvJQK/1FF/SiIRwA8VJUSAu6t:SHOin+sv9BplUS
Static task
static1
Behavioral task
behavioral1
Sample
ef7c473221c4ab4a50a89a3ac440cfcb_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ef7c473221c4ab4a50a89a3ac440cfcb_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.dairysystems.co.ke - Port:
587 - Username:
info@dairysystems.co.ke - Password:
2019@systems - Email To:
info@dairysystems.co.ke
Targets
-
-
Target
ef7c473221c4ab4a50a89a3ac440cfcb_JaffaCakes118
-
Size
524KB
-
MD5
ef7c473221c4ab4a50a89a3ac440cfcb
-
SHA1
cb0c43f78c15ca4647630b66c1e99717c3901a86
-
SHA256
d01f8fc17997730628aa3af35b790defbdacd7a81a3f0166252a30a804a52d20
-
SHA512
c1b2324423f888924e0aaed71d46971106d1bf559716dd951577453d7d7d8a1847053aaac70fa1f687b58fb8ac143afc935c796789eab78a63834f60b2978359
-
SSDEEP
12288:GF+dDdy0WgAfMW2O+ISH+2f+PvJQK/1FF/SiIRwA8VJUSAu6t:SHOin+sv9BplUS
Score10/10-
Detect ZGRat V1
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-