General

Target: f3b81cc4177e11666d0d4b030ae136fc_JaffaCakes118
Size: 435KB
Sample: 240416-r8mfyaed4v
MD5: f3b81cc4177e11666d0d4b030ae136fc
SHA1: 7c77e6d27cf37602e17d29e602c04bc433fdc7f1
SHA256: 981d639d5500e2012103163a359474eb356b1548dff4087b5aab97103e7bec5c
SHA512: a751ae8380d206ce7641f9ccf9f2889ce445aa7ce1e8aa276e165bdb4bac9c45570f9a7a690e55fde39a7dee85f9bbade4666dcdd9ed2b5c807985b94d433f35
SSDEEP: 6144:AkN8EmRpfI+hiSVwbwZ3X83DDIdwaYIQm613b7cq3N:N8EK1I+hv2M3M3HGlQN3n/3N
Static task: static1

Behavioral task: behavioral1
Sample: f3b81cc4177e11666d0d4b030ae136fc_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: f3b81cc4177e11666d0d4b030ae136fc_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.sayimkalip.com
Port: 587
Username: basar@sayimkalip.com
Password: 3edcvfr4**
Email To: saleseuropower@yandex.com
https://api.telegram.org/bot1483662500:AAGrMuxJV05-It-ke-xXVV6-R6IAtETpJb0/sendMessage?chat_id=1300181783
Targets
Score: 10/10

- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext