General
Target: f8234f03f173f5991465b1e733e7d808_JaffaCakes118
Size: 964KB
Sample: 240418-q7l84sga4z
MD5: f8234f03f173f5991465b1e733e7d808
SHA1: dd644200b86175592796cd7fc5eb5332883e7f69
SHA256: 907bed63f29c88a9e192e313c4b51ea6cca3d580a586baae4b6c5791221489cb
SHA512: 096c7b819c2f2354c4c510ff4a441e7f56429ec2d970d83f8b4132ff637ee7795af135d0734b9c2804efa50163d0409e5ff51c89a3b7b0e27448bd7f6692bbf4
SSDEEP: 24576:t4jrG+lf4W795/d3k64JawO/4u2rzXTS:ten+64Jav8zjS
Static task: static1
Behavioral task: behavioral1
Sample: f8234f03f173f5991465b1e733e7d808_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f8234f03f173f5991465b1e733e7d808_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.ademkocplastik.com.tr
Port: 587
Username: ihracat@ademkocplastik.com.tr
Password: Ad1.iqwerty?_
Email To: info@tarsusmetalcelik.com
Targets
Target: f8234f03f173f5991465b1e733e7d808_JaffaCakes118
Score: 10/10
- Snake Keylogger payload
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext