General

Target: fa2daac20b773281c652a8f301bec1cd_JaffaCakes118
Size: 740KB
Sample: 240419-ncrt1aac45
MD5: fa2daac20b773281c652a8f301bec1cd
SHA1: 5102cc586ec53bc9be3c8ebef2eb2d186c5442dc
SHA256: 97fb2897b8023315cc1728ae966b6d2f43fb2496450e80c0eda395487f15c7bd
SHA512: 561e91266a779ce159fda726f78e958f9f1ebcf6afa3397955aa3bf02c5bce70ff31a1ffc12d5ae20c1ec5cb3de1432bc54b5695014d22a6c62904f842b6dbb8
SSDEEP: 12288:klpdotNYtNReXmDwU8P9Zx2413a0jwPRkCtkeJ0T1AP6iDP:ktdeX1jP5HNOUaL
Static task: static1

Behavioral task: behavioral1
Sample: fa2daac20b773281c652a8f301bec1cd_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: fa2daac20b773281c652a8f301bec1cd_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted family: snakekeylogger
Protocol: smtp
Host: bh-16.webhostbox.net
Port: 587
Username: arinzelog@miratechs.gq
Password: 7213575aceACE@#$
Email To: arinze@miratechs.gq
Targets

Target: fa2daac20b773281c652a8f301bec1cd_JaffaCakes118
Score: 10/10

Signatures:
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext