General
-
Target
f84d565dff7b1c51703106b1c7bd9eb5_JaffaCakes118
-
Size
971KB
-
Sample
240418-syh67sgh43
-
MD5
f84d565dff7b1c51703106b1c7bd9eb5
-
SHA1
de38e9e10a062491538568943580c796210ddada
-
SHA256
f1de9338fbad62a713783b8bea0f29898ce194a0fc211d7fcd878d5be0c793ca
-
SHA512
4c5aeb6053b9e8eccd363eafc25ba9b48f5ed697cd3d8885f5aa30ab092769587f993171071864997e0c896a7f228f345f717f3822e832aeeaff2e3ced730fd4
-
SSDEEP
24576:ENnB1Yi6dOOG/dQJaK668dSHKv0897sS1:ENnAi8JaK6QXS1
Static task
static1
Behavioral task
behavioral1
Sample
f84d565dff7b1c51703106b1c7bd9eb5_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f84d565dff7b1c51703106b1c7bd9eb5_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.fireacoustics.com
Port: 587
Username: worshippersnake@fireacoustics.com
Password: _d:rzD~62Jxh
Email To: returnbox321@gmail.com
Targets
-
-
Target
f84d565dff7b1c51703106b1c7bd9eb5_JaffaCakes118
Score
10/10
-
Snake Keylogger payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-