General
-
Target
f23e4358306ff0a0d4923557df7e6b4a_JaffaCakes118
-
Size
1.2MB
-
Sample
240416-ag6bascb37
-
MD5
f23e4358306ff0a0d4923557df7e6b4a
-
SHA1
496df394ba5d299a04effc62ba651892ca7c1872
-
SHA256
60d54fd4d8198b218da725695a2e4e804a2e150d96700f9fea2a628e1f1ba2bb
-
SHA512
ca10c63b71cbcf80f2afb28dd02deef24e13853dc0a875117d1c43b16212ad37b7b534046b700bed0c0523479f901e45146aa7d0cabdc5ab72fc45c52c4190e8
-
SSDEEP
24576:fSb476DOUfx8Dgyfx8DgQiV6VEDCfQXLNwDZqSL:e476B58Dgy58DgQigVISQXLCZ/
Static task
static1
Behavioral task
behavioral1
Sample
f23e4358306ff0a0d4923557df7e6b4a_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f23e4358306ff0a0d4923557df7e6b4a_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.fireacoustics.com
Port: 587
Username: [email protected]
Password: _d:rzD~62Jxh
Email To: [email protected]
Targets
-
-
Target
f23e4358306ff0a0d4923557df7e6b4a_JaffaCakes118
Score
10/10
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-