General
-
Target
fcb62aa0c548b3c61ca192d7d9c3e247_JaffaCakes118
-
Size
427KB
-
Sample
240420-n2dnnsgf8z
-
MD5
fcb62aa0c548b3c61ca192d7d9c3e247
-
SHA1
2f63d56a05d5080196564000cce0596de47e14ce
-
SHA256
d2bafc5735561372f657e238124d43f645c911c229b37b1e6fa5ddf3084aea8d
-
SHA512
b10115ea264e75482584e918f0a8e10958c5679cb8f7862d003e03ecc57e8d5220db5283aa078d9da30208ff97df373cf7b4272445b6befde47af96ffd30ff99
-
SSDEEP
6144:xDVMKJr9bGFwIDUJ5HUuYwiehjjXmRmO0xdwyERRRHje8GoJvQ:vMKrqSIDHwieh/5gyEtGoJ
Static task
static1
Behavioral task
behavioral1
Sample
fcb62aa0c548b3c61ca192d7d9c3e247_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fcb62aa0c548b3c61ca192d7d9c3e247_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
netjul.club - Port:
587 - Username:
denaltwo@netjul.club - Password:
o$%RX3!!2vS! - Email To:
denaltwo@netjul.club
Targets
-
-
Target
fcb62aa0c548b3c61ca192d7d9c3e247_JaffaCakes118
-
Size
427KB
-
MD5
fcb62aa0c548b3c61ca192d7d9c3e247
-
SHA1
2f63d56a05d5080196564000cce0596de47e14ce
-
SHA256
d2bafc5735561372f657e238124d43f645c911c229b37b1e6fa5ddf3084aea8d
-
SHA512
b10115ea264e75482584e918f0a8e10958c5679cb8f7862d003e03ecc57e8d5220db5283aa078d9da30208ff97df373cf7b4272445b6befde47af96ffd30ff99
-
SSDEEP
6144:xDVMKJr9bGFwIDUJ5HUuYwiehjjXmRmO0xdwyERRRHje8GoJvQ:vMKrqSIDHwieh/5gyEtGoJ
-
Detect ZGRat V1
-
Snake Keylogger payload
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-