General

Target: f6dd9b967218e2347184fcb183f4fcb9_JaffaCakes118
Size: 248KB
Sample: 240418-acyqnaah57
MD5: f6dd9b967218e2347184fcb183f4fcb9
SHA1: a2df1007212f46f50097a1faeed350cdf3274e0f
SHA256: d1efc25f3742988ae2dd2ffd699ce3e8a24e7917d3b926331b47eb3f4de3b54e
SHA512: babbf923ba0891862b64d06a54c1ca1b2b0ce4d3c78b560728dff554f23109b252335a8e308564af80c81230c3d8c82c3b692c88ddfdbba0e6cd1ac7f710afa2
SSDEEP: 6144:LxtvJ/xaNMzJMH3QN5zfVotrujMbPeGJR/gu2:LjFxviAN5TitujMbtP
Static task: static1

Behavioral task: behavioral1
  Sample: f6dd9b967218e2347184fcb183f4fcb9_JaffaCakes118.exe
  Resource: win7-20240215-en

Behavioral task: behavioral2
  Sample: f6dd9b967218e2347184fcb183f4fcb9_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: apostle@cdhrmatel.com
Password: aMfYdLX3
Email To: jwillia91@gmail.com
Targets

Target: f6dd9b967218e2347184fcb183f4fcb9_JaffaCakes118
Score: 10/10

- Detect ZGRat V1
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext