General
Target: f6c3a902929c045050ef8c4de8233803_JaffaCakes118
Size: 410KB
Sample: 240417-21gktsaa7x
MD5: f6c3a902929c045050ef8c4de8233803
SHA1: b826f62738f8ead89624230e1c4fce581170588e
SHA256: 4904eb9d14caf0d27edb86f213ad699037d774bedf0eab61938dcbc739b6ffc0
SHA512: 03ca9c01ace72f9223083de47b781d6eb2b28b1a3d8a24b2f261c6c0631fe465547f3a7f6b81064667f97977999c28818822a7d8e047d6a24946d5ed8307244b
SSDEEP: 12288:JGqxEFVzMF9tsoS8dZHJ2bDuIqRHs+tfbcQ4:JGq2a9tsZ8diwRH4
Static task: static1
Behavioral task: behavioral1
- Sample: f6c3a902929c045050ef8c4de8233803_JaffaCakes118.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: f6c3a902929c045050ef8c4de8233803_JaffaCakes118.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: parvin.artin@yandex.com
- Password: 4U9IF}6&=X
- Email To: parvin.artin@yandex.com
Targets
Target: f6c3a902929c045050ef8c4de8233803_JaffaCakes118
Size: 410KB
MD5: f6c3a902929c045050ef8c4de8233803
SHA1: b826f62738f8ead89624230e1c4fce581170588e
SHA256: 4904eb9d14caf0d27edb86f213ad699037d774bedf0eab61938dcbc739b6ffc0
SHA512: 03ca9c01ace72f9223083de47b781d6eb2b28b1a3d8a24b2f261c6c0631fe465547f3a7f6b81064667f97977999c28818822a7d8e047d6a24946d5ed8307244b
SSDEEP: 12288:JGqxEFVzMF9tsoS8dZHJ2bDuIqRHs+tfbcQ4:JGq2a9tsZ8diwRH4
Score: 10/10
Signatures:
- Detect ZGRat V1
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext