General

Target: f826222ce15feefe3db0e05a0a8d3b28_JaffaCakes118
Size: 1.2MB
Sample: 240418-rbbceagb6t
MD5: f826222ce15feefe3db0e05a0a8d3b28
SHA1: 7fb72dd607a6ecb4feb6d349d2eb6247bc06d81b
SHA256: ace1da8276007015547f39a609d2fb1ad3b286df841c5bb70d36934c9f32a140
SHA512: cc9dab4b8640177b183f904c8a52748f1bf9a64ea921451cce04f2732815850c8ac3a1db4e135a50e45cd59f57d2e3db2eb690395baec2c34930fec7436c9a43
SSDEEP: 24576:ORS/d3GKzks1ksfJ4wlctmWMOE3Xq05jFSXvrRG27RJy8jh8N6ZNBZ:UKBJ4rtmBpms2neN6ZNB
Static task: static1

Behavioral task: behavioral1
Sample: f826222ce15feefe3db0e05a0a8d3b28_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: f826222ce15feefe3db0e05a0a8d3b28_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.cavilum.cl
Port: 587
Username: mmardones@cavilum.cl
Password: Cavilum4313
Email To: nominas@haciendacantalagua.com

In Snake Keylogger's SMTP mode the sample authenticates to the configured host with these credentials and mails the collected data to the "Email To" address, so the host, the sending account and the recipient are all usable as exfiltration indicators.
Targets

Target: f826222ce15feefe3db0e05a0a8d3b28_JaffaCakes118
Size: 1.2MB
Score: 10/10

Snake Keylogger payload

CustAttr .NET packer
Detects CustAttr .NET packer in memory.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
Setting another thread's context is how injected or hollowed code is handed control; the report records the API call only, not the target process or the injected payload.
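The following is an added example and not part of this sandbox report or of any tooling the report was produced with. It takes the SMTP host and port from the Malware Config section and the "Looks up external IP address via web service" behaviour above and correlates both over connection-log lines, so an analyst can turn the report into a hunt. The IP-lookup hostnames, the mail-server allow-list, the log format and the log lines are constructed for the example (the report does not name which lookup service the sample used); the sending account and recipient from the config would be matched in mail logs, which this example does not model.

```python
"""Added example, not part of the sandbox report.

Correlates the Snake Keylogger SMTP exfiltration indicator (host/port from the
report's Malware Config) with the external-IP lookup behaviour over constructed
proxy/firewall log lines.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Indicators copied from the report's Malware Config section.
SNAKE_SMTP_HOST = "mail.cavilum.cl"
SNAKE_SMTP_PORT = 587

# Assumption: the report only says "a legitimate IP lookup service". These are
# services commonly contacted for that purpose and serve as an example watch-list.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com", "ipinfo.io"}

# Assumption: mail servers the monitored network is expected to submit mail to.
MAIL_ALLOWLIST = {"smtp.office365.com"}

# Constructed log lines (not from the report):
# "<timestamp> <src-ip> <proto> <dst-host> <dst-port>"
SAMPLE_LOGS = """\
2024-04-18T09:01:02Z 10.0.0.15 http checkip.dyndns.org 80
2024-04-18T09:01:05Z 10.0.0.15 tcp mail.cavilum.cl 587
2024-04-18T09:03:11Z 10.0.0.22 https www.example.com 443
2024-04-18T09:05:40Z 10.0.0.31 tcp smtp.office365.com 587
2024-04-18T09:07:13Z 10.0.0.40 tcp mail.other.example 587
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<proto>\S+) (?P<dst>\S+) (?P<port>\d+)$"
)


@dataclass
class Finding:
    src: str
    reasons: list[str] = field(default_factory=list)

    def severity(self) -> str:
        """An exact config-IOC hit together with the IP-lookup beacon mirrors the
        sandbox behaviour, so that combination outranks either signal alone."""
        ioc = any(r.startswith("smtp_exfil:") for r in self.reasons)
        lookup = any(r.startswith("ip_lookup:") for r in self.reasons)
        if ioc and lookup:
            return "high"
        if ioc:
            return "medium"
        return "low"


def parse_line(line: str) -> dict | None:
    """Parse one constructed log line; returns None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["dst"] = rec["dst"].lower()
    return rec


def hunt(log_text: str,
         smtp_host: str = SNAKE_SMTP_HOST,
         smtp_port: int = SNAKE_SMTP_PORT,
         lookup_hosts: set[str] = IP_LOOKUP_HOSTS,
         mail_allowlist: set[str] = MAIL_ALLOWLIST) -> dict[str, Finding]:
    """Group hits per source host so the two behaviours can be correlated."""
    findings: dict[str, Finding] = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons: list[str] = []
        if rec["dst"] == smtp_host and rec["port"] == smtp_port:
            reasons.append(f"smtp_exfil:{rec['dst']}:{rec['port']}")
        elif rec["port"] == 587 and rec["dst"] not in mail_allowlist:
            # Weak generic signal: mail submission to a server we do not expect.
            reasons.append(f"smtp_submission:{rec['dst']}")
        if rec["dst"] in lookup_hosts:
            reasons.append(f"ip_lookup:{rec['dst']}")
        if reasons:
            findings.setdefault(rec["src"], Finding(rec["src"])).reasons.extend(reasons)
    return findings


if __name__ == "__main__":
    for src, finding in sorted(hunt(SAMPLE_LOGS).items()):
        print(f"{src}: {finding.severity()} {finding.reasons}")
```

On the constructed input, 10.0.0.15 is rated high because it both beaconed to an IP-lookup host and then connected to mail.cavilum.cl:587, the exact pair of behaviours the sandbox observed; 10.0.0.40 is rated low on the generic submission-port signal only, and hosts talking to the allow-listed mail server are not reported.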