General
- Target: fd08e8300163f6e6149981178eb92081_JaffaCakes118
- Size: 1.1MB
- Sample: 240420-sgtllsbg3v
- MD5: fd08e8300163f6e6149981178eb92081
- SHA1: 138efd092fd8f03c9ba5a03ccc7a55c1a778c323
- SHA256: 96116f10bcc8147d8f9701a273df73f2833e3a8ec1b0916f69aafc4e19ab278b
- SHA512: 040a0b66a1e508a1b29ce85e0879283f9e632626d4889f6205f7525f228230b44188b597030e63d448e185516e153fba503e1de677c4eb39fed89b503151b5d8
- SSDEEP: 24576:2yfx8DgCfx8DgRIVoaRxL7fDX9GhmdowM5kBykEDoY9NwDZX1JgZnongLLU:p58DgC58DguV5RFXWmmwM5Nr1CZX8ZnW
Static task
- static1
Behavioral task
- behavioral1
  - Sample: fd08e8300163f6e6149981178eb92081_JaffaCakes118.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: fd08e8300163f6e6149981178eb92081_JaffaCakes118.exe
  - Resource: win10v2004-20240412-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.divar.dk
- Port: 587
- Username: post@divar.dk
- Password: Henriette1
- Email To: post@divar.dk
Targets
- Target: fd08e8300163f6e6149981178eb92081_JaffaCakes118
- Score: 10/10
- Snake Keylogger payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext