General
-
Target
fc0db378526e0390aea7225c5ad1b670_JaffaCakes118
-
Size
898KB
-
Sample
240420-gff4caaa22
-
MD5
fc0db378526e0390aea7225c5ad1b670
-
SHA1
8aaf86828baba01826c4a7cbe8671666349741f4
-
SHA256
d1806ea82f68991ebed04a4a3582c0f6ea60c0a93245159b7bc1ef38c3b46ce8
-
SHA512
880105024dd191d947096e7483b62d9765ebc97bb590f93ffa24aae3576e3b016dd779211be8fe6b561155e0ee3543c233265b2aaad1087d926b49870dd4c379
-
SSDEEP
12288:wq3oo4PDASNK8C6jc/GAZc1UGUtnZ7cjsNYdB7Mu8k8BLKTzaxlBzJq13:wMyAcK8CWc/fZc6GKZ7mMu8KPEE9
Static task
static1
Behavioral task
behavioral1
Sample
fc0db378526e0390aea7225c5ad1b670_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fc0db378526e0390aea7225c5ad1b670_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: alexfoxfreight.com
Port: 587
Username: accounts@alexfoxfreight.com
Password: Ueos*93sj!#!12
Email To: accounts@alexfoxfreight.com
Targets
-
Target
fc0db378526e0390aea7225c5ad1b670_JaffaCakes118
-
Score
10/10
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-