General
Target: ffe2d7cdf38263ebe1fea1fb9637d4dd_JaffaCakes118
Size: 1.1MB
Sample: 240421-wz7gzahc6v
MD5: ffe2d7cdf38263ebe1fea1fb9637d4dd
SHA1: def5e55a3af8e50ff670739737c371cf8023a558
SHA256: dff42679afcea87ecd2b5672a22513d079cc74304ec51e9bec7b2e205b83f694
SHA512: 89626dc8a5287b6e52821a7cac0b7269012a34209bdfa54cb1a190fcf156be9e0f9eb28e020658f7d70cb0c0c2137ead12af69f835ab1da4f18cdd4a55c417f5
SSDEEP: 24576:ZywF7erJhw2D8HZfxII4TypFbHdhF2ngyBEvlh00RIgZoR6:52IKIAypbhF2nTEvlh0kSs
Static task: static1
Behavioral task: behavioral1
  Sample: ffe2d7cdf38263ebe1fea1fb9637d4dd_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ffe2d7cdf38263ebe1fea1fb9637d4dd_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: snakekeylogger
  Protocol: smtp
  Host: mail.fortissoftwaresolution.com
  Port: 587
  Username: info@fortissoftwaresolution.com
  Password: Fortis@123
  Email To: jodyfuller356@gmail.com
Targets
Target: ffe2d7cdf38263ebe1fea1fb9637d4dd_JaffaCakes118
Size: 1.1MB
MD5: ffe2d7cdf38263ebe1fea1fb9637d4dd
SHA1: def5e55a3af8e50ff670739737c371cf8023a558
SHA256: dff42679afcea87ecd2b5672a22513d079cc74304ec51e9bec7b2e205b83f694
SHA512: 89626dc8a5287b6e52821a7cac0b7269012a34209bdfa54cb1a190fcf156be9e0f9eb28e020658f7d70cb0c0c2137ead12af69f835ab1da4f18cdd4a55c417f5
SSDEEP: 24576:ZywF7erJhw2D8HZfxII4TypFbHdhF2ngyBEvlh00RIgZoR6:52IKIAypbhF2nTEvlh0kSs
Score: 10/10
Signatures:
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext