General
Target: fd7240f2297ec144836d3319623dc897_JaffaCakes118
Size: 427KB
Sample: 240420-xxjhssff82
MD5: fd7240f2297ec144836d3319623dc897
SHA1: bb1ab045a636b5db94f0eddc41681f75797847e2
SHA256: ab5c61e8e00e5d487970b39587317dc85efc21123f5500e36467e80d20d85326
SHA512: 354dc8ecdca3d615205469be64f591d621f9e2fa28b58956087e1bab87240833c6f025c02d38e9657e4cf050f51c4717ebe9c10480920cdfd9076641c7e43fc3
SSDEEP: 6144:xMkhBZspWjc6x2DD/jr9PMYOHeTrLZJihXIvQL0oexCxG1BaYB:aSBOqXx2DPrFNUMPihj0oeMkBj
Static task: static1
Behavioral task: behavioral1
  Sample: fd7240f2297ec144836d3319623dc897_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: fd7240f2297ec144836d3319623dc897_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.ghench.com
Port: 587
Username: arzu@ghench.com
Password: Tzr/8267/06
Email To: arzu@ghench.com
Targets
Target: fd7240f2297ec144836d3319623dc897_JaffaCakes118
Size: 427KB
Score: 10/10
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext