General

Target: fa68c840bbdc276a3e45d58648c9fc71_JaffaCakes118
Size: 789KB
Sample: 240419-qvgg4aef4y
MD5: fa68c840bbdc276a3e45d58648c9fc71
SHA1: 7279a649f988d9aaf831f0e20f2dadc11f2b0f46
SHA256: 39eb8788c0b7e09435f77feeb01392f97d7178c0ca95db1e5d78f6739861da95
SHA512: feb00d02ef73c32e9592bb0c74919c93fa052a64d923df1b78b10a69bf5e7306d0e6ba538c50fc656066bdd175ebd4e9d981e6fc9523a95aca5268c8b5b1ef96
SSDEEP: 12288:l1Wl8Tp1MxskWv6wfk6WyxmMguzd7c1vEfKCeh8e+Yw:lAGs0yN6WyweaUy8e+/
Static task: static1

Behavioral task: behavioral1
Sample: fa68c840bbdc276a3e45d58648c9fc71_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: fa68c840bbdc276a3e45d58648c9fc71_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.greentrading.com.pk
Port: 26
Username: info@greentrading.com.pk
Password: lovetoall
Email To: Marketing11@szztsa.com
Targets

Target: fa68c840bbdc276a3e45d58648c9fc71_JaffaCakes118
Score: 10/10

- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext