General

Target: f7a3c6820a7c272ca0d7329fd46422b9_JaffaCakes118
Size: 338KB
Sample: 240418-kg29rahe3x
MD5: f7a3c6820a7c272ca0d7329fd46422b9
SHA1: dc30ec4a6373b4a96a305b5b4916abae566c128a
SHA256: fe2c14fdc5a2386dd8c33ea620ee1a2b02dd2703730f71a48d77b2df12c1f8ae
SHA512: 6abc206af9aa8939d744087e9c8358bb5d4281ad8c84918452428974acb08d49192e3fe73e15ff63a628d20a190c669507dd7a9a8058f6b086fa585d5dd3c272
SSDEEP: 6144:OnbJgR62Sy5eGgNyeMjRmTU9vZv+ISBcvbeKnmLpjP77:OF2x5fLe0RNvwIEcD1nm137

Static task: static1

Behavioral task: behavioral1
Sample: f7a3c6820a7c272ca0d7329fd46422b9_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: f7a3c6820a7c272ca0d7329fd46422b9_JaffaCakes118.exe
Resource: win10v2004-20240226-en

Malware Config

Extracted
snakekeylogger
Protocol: smtp
Host: mail.greentrading.com.pk
Port: 26
Username: info@greentrading.com.pk
Password: lovetoall
Email To: Marketing11@szztsa.com

Targets

Target: f7a3c6820a7c272ca0d7329fd46422b9_JaffaCakes118
Score: 10/10

Snake Keylogger payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext