General
-
Target
f60ed04769139d755163e5c5424cff7c_JaffaCakes118
-
Size
29.0MB
-
Sample
240417-skg2zsde43
-
MD5
f60ed04769139d755163e5c5424cff7c
-
SHA1
2a3c275e094b52048cf88ad5df639c51f9cd8a1e
-
SHA256
347091ddccd2398c42dcb4a2ebf9f7138674e5657e960082db4b7bbeff3be447
-
SHA512
ab3e165336402350c64205723883891e4e912b7d767fa22049c7765170f6ff491f0c20ccdd0c1bc076e270b49d26ba020b0ad25697d134ce9d38e00b19186125
-
SSDEEP
24576:1CDnvW5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+h8:4zOiec51aKgNF63ENQuiNB/e
Static task
static1
Behavioral task
behavioral1
Sample
f60ed04769139d755163e5c5424cff7c_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f60ed04769139d755163e5c5424cff7c_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: snack@gdrogroup.com
Password: y)rZiXc(6
Email To: rr3rattlesnack@gmail.com
Targets
-
Target
f60ed04769139d755163e5c5424cff7c_JaffaCakes118
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-