General
- Target: fe8a44e7223bfebf50d2893845a70146_JaffaCakes118
- Size: 387KB
- Sample: 240421-f5a3yscf3z
- MD5: fe8a44e7223bfebf50d2893845a70146
- SHA1: 0d001ba7d94d84e1554b57da5dada6e059dbeac1
- SHA256: c6d2dd201807bd449e2d0f6fcbf31e89bb35d7809a492960b2c7b84129f60e6f
- SHA512: 5e928b908bd79ba40ca05d555a3bd4751d280727ef6a33ac877df378c5e6d561f98aa141b27edf2fe57cfa42d6c58e41d058d62b037a42d987d8376fb14b77d0
- SSDEEP: 6144:26rmM8xtvJ/xaJ6Mj/LP1OotM+B0cwhIs1/51aJPrD7ovV:27jFxi6MbxO4MzlAD7UV
Static task
- static1
Behavioral task
- behavioral1
  - Sample: fe8a44e7223bfebf50d2893845a70146_JaffaCakes118.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: fe8a44e7223bfebf50d2893845a70146_JaffaCakes118.exe
  - Resource: win10v2004-20240412-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.ccmainoffice.com
- Port: 587
- Username: ccs@ccmainoffice.com
- Password: GR{I#+9{z4k6
- Email To: bpnorsernarine@gmail.com
Targets
- Target: fe8a44e7223bfebf50d2893845a70146_JaffaCakes118
Score: 10/10
- Detect ZGRat V1
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext