General
-
Target
ff846736e7e7c087bafa2fe9c2ba5c74_JaffaCakes118
-
Size
1.0MB
-
Sample
240421-r3ya9ade56
-
MD5
ff846736e7e7c087bafa2fe9c2ba5c74
-
SHA1
a4d77162c53cab1db7f27a17eb860b15671ae2f2
-
SHA256
6e4ee83339f06e9cc50d8155757fa3a8cdb81f637183916df01654c3013d0a2e
-
SHA512
25d7ea3648d52cee211666912a442a5e3c126c6146e269fc8c6d744053069a80090b6fbfd3705d34787de262cad893509cbd961eb346b8e2c786755cde6b35d0
-
SSDEEP
24576:+o2A4dnYonwyL1c2IGwJJ2NbGqzzSHxfZr/NJKao8:hb81wAIb0NBWxhxJKl8
Static task
static1
Behavioral task
behavioral1
Sample
ff846736e7e7c087bafa2fe9c2ba5c74_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ff846736e7e7c087bafa2fe9c2ba5c74_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.fireacoustics.com - Port:
587 - Username:
worshippersnake@fireacoustics.com - Password:
_d:rzD~62Jxh - Email To:
returnbox321@gmail.com
Targets
-
-
Target
ff846736e7e7c087bafa2fe9c2ba5c74_JaffaCakes118
-
Size
1.0MB
-
MD5
ff846736e7e7c087bafa2fe9c2ba5c74
-
SHA1
a4d77162c53cab1db7f27a17eb860b15671ae2f2
-
SHA256
6e4ee83339f06e9cc50d8155757fa3a8cdb81f637183916df01654c3013d0a2e
-
SHA512
25d7ea3648d52cee211666912a442a5e3c126c6146e269fc8c6d744053069a80090b6fbfd3705d34787de262cad893509cbd961eb346b8e2c786755cde6b35d0
-
SSDEEP
24576:+o2A4dnYonwyL1c2IGwJJ2NbGqzzSHxfZr/NJKao8:hb81wAIb0NBWxhxJKl8
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-