General

Target: f603264ee85d737bec54e57115dd162e_JaffaCakes118
Size: 291KB
Sample: 240417-r4kfsacf48
MD5: f603264ee85d737bec54e57115dd162e
SHA1: 5fe32dcfa44dd2fe53c67eace5bf9a8381ba9b0d
SHA256: 4f449dcfc6f1a34508e8cadf4c681960820abd57309946baedb7b0f1c6644602
SHA512: 344323303c477f10716966fa25c22b725f89bc73325378cf61ac8ad83478518379e4c35088a28fb8969a0576e7ea9aab236217ebfc3cd589ced250c1c171fb98
SSDEEP: 6144:wBlL/cw1ewowIpj+BMeM73RxW+LeEaBEs4i12WNesyAsqQ9PR99:Ceae1wBMX7S+LeHEk2WMsZiv
Static task: static1

Behavioral task: behavioral1
Sample: f603264ee85d737bec54e57115dd162e_JaffaCakes118.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: f603264ee85d737bec54e57115dd162e_JaffaCakes118.exe
Resource: win10v2004-20240412-en

Behavioral task: behavioral3
Sample: $PLUGINSDIR/zqwdycz.dll
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: $PLUGINSDIR/zqwdycz.dll
Resource: win10v2004-20240412-en
Malware Config

Targets

Target: f603264ee85d737bec54e57115dd162e_JaffaCakes118
Size: 291KB (hashes as listed under General above)
Score: 10/10
Signatures:
- Snake Keylogger payload
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/zqwdycz.dll
Size: 30KB
MD5: b2ac7f18c76b6104e99389f24cd36856
SHA1: cfcdbe385c7460a10902fc97f4861ebafc5f4f1b
SHA256: 013997b08f68be3675e38ef8e2c7bd58d7eadfea520d9cb1a520a0c1f195f5b3
SHA512: 138d388f727522c70d8d6feb3497536ef3871287f3b55e746e6d2af1831dbc0ff13fcb044271353f3b40914901c0fcbe6d4a1ae483ca6654a94ed41283fba1db
SSDEEP: 384:ncnX0OmC7zGggDeHu6swci/+9YFKBJSQfZ9FvfGQTu2NtH9VCKTk4YVHnV1nGfqI:cw6szi/YfSQr9+Ou2TyZHV11G7Th
Score: 10/10
Signatures:
- Snake Keylogger payload
- Blocklisted process makes network request
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext