General
Target: f013079b38fe97f4240a0aaa570c32a7_JaffaCakes118
Size: 1.2MB
Sample: 240415-ctjn6seg81
MD5: f013079b38fe97f4240a0aaa570c32a7
SHA1: ad314eee43b65a1e9168a171bb7b6625c80bd457
SHA256: 1c26b57046fc3f021f12a18f23164064342642535614469fdafc92bc19e56a59
SHA512: 58b1c6e10bdea114d0e97dd489f2b91d3751b3fee4383b17b2794608eb3da48373a39301dfba67469236bd4a56f58d156da5546d919bdd4d6afbc0562902119e
SSDEEP: 24576:SMXyWI8rajQFdCSGFKVhmNLWbWHMkO0iCWWV/Nm/y12Nhm1:SM9IiaZDFKwR0WHRUyYk
Static task: static1
Behavioral task: behavioral1
Sample: f013079b38fe97f4240a0aaa570c32a7_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: f013079b38fe97f4240a0aaa570c32a7_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.onurtriko.com.tr
Port: 587
Username: info@onurtriko.com.tr
Password: Ee980502+E
Email To: info@onurtriko.com.tr
Targets
Score: 10/10
Snake Keylogger payload
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext