General

- Target: 3bab5a83ae6ad5c2db06ab7cd93ef41d_JaffaCakes118
- Size: 469KB
- Sample: 240712-cywjjavdqr
- MD5: 3bab5a83ae6ad5c2db06ab7cd93ef41d
- SHA1: 6216d7952c43211d569661e19a3d2113c1791ccd
- SHA256: fe7df92181e76423cacfe97a95fca017a027f3dc5c00822389614cd1f6492a76
- SHA512: 3e5bb9e2b6b770f66465d5867b0d27e7399f91766b9a6de13271b1f81226e469763f51bcfbc4ee794ece2ecd3723f8a791794f101b32751b3d955faea148ed32
- SSDEEP: 12288:RyR+HQW6hGww0sm7lueFx9KSyOO58tctGjh4Vvz:RyR+wby0sm7luex5yOOOiAhmvz
Static task: static1

Behavioral task: behavioral1
- Sample: Purchase Order.exe
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: Purchase Order.exe
- Resource: win10v2004-20240709-en
Malware Config

Extracted family: snakekeylogger
- Exfiltration endpoint (Telegram Bot API sendMessage): https://api.telegram.org/bot1696248561:AAELXu6APanbtx1va3V24yWuQqYB4lDCkBI/sendMessage?chat_id=1594516081

The path segment after "bot" is the operator's bot token and the chat_id is the receiving chat; treat the token as a live credential (defang and mask it before sharing the IOC) and the numeric bot id and chat_id as pivots for clustering related samples.
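Parsing the extracted Telegram URL into shareable IOC fields, as an added example that is not part of the sandbox report. The parsing rules follow the public Telegram Bot API URL layout (a `bot<numeric id>:<secret>` path segment, a method name, and a `chat_id` query parameter); the masking and defanging conventions are this example's own choice.

```python
"""Turn a Telegram Bot API exfil URL, as extracted from a Snake Keylogger
config, into structured IOC fields with the secret masked for sharing.
Added example; not code from the sandbox or the malware family."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, parse_qs

# Telegram bot tokens are "<numeric bot id>:<secret>"; the path segment in
# API URLs prefixes that with the literal "bot".
_TOKEN_RE = re.compile(r"^bot(\d+):([A-Za-z0-9_-]{20,})$")


@dataclass(frozen=True)
class TelegramExfilIOC:
    host: str
    bot_id: str        # stable per bot, a good clustering pivot
    token_secret: str  # live credential: never share undefanged
    method: str        # e.g. sendMessage or sendDocument
    chat_id: str       # receiving chat, another clustering pivot

    def defanged(self) -> str:
        """IOC string safe to paste into a ticket: scheme and host defanged,
        all but the first four characters of the secret masked."""
        masked = self.token_secret[:4] + "*" * (len(self.token_secret) - 4)
        host = self.host.replace(".", "[.]")
        return (f"hxxps://{host}/bot{self.bot_id}:{masked}"
                f"/{self.method}?chat_id={self.chat_id}")


def parse_telegram_exfil(url: str) -> Optional[TelegramExfilIOC]:
    """Return IOC fields for a Telegram Bot API URL, or None if the URL is
    not one (wrong host, wrong scheme, or no bot<id>:<secret> segment)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2:          # expect exactly: bot<id>:<secret>, <method>
        return None
    m = _TOKEN_RE.match(segments[0])
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [""])[0]
    return TelegramExfilIOC(parts.hostname, m.group(1), m.group(2),
                            segments[1], chat_id)


if __name__ == "__main__":
    sample = ("https://api.telegram.org/bot1696248561:"
              "AAELXu6APanbtx1va3V24yWuQqYB4lDCkBI/sendMessage?chat_id=1594516081")
    ioc = parse_telegram_exfil(sample)
    print(ioc.bot_id, ioc.chat_id, ioc.method)
    print(ioc.defanged())
```

The numeric bot id survives in the defanged form on purpose: it is not secret on its own, and the same bot id turning up in other extracted configs is the quickest way to tie samples to one operator.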
Targets

- Target: Purchase Order.exe
- Size: 481KB
- MD5: 7f973c2c37a9e858e167b5051cab9bcf
- SHA1: 86bd925fd67cf521555e21ec108e8f671977ce7f
- SHA256: 7d66022b23aa84304657d92e2594f56331036896d42538a6aed0f24c9db6ded9
- SHA512: 531f7cc3dd9c0bed746879d13150d884724989b661ea451fd25bf719ad4b6d55454b4a3b6339f9b8d20231d7a838eb80d0a0b271ac5132718e63e6f252e234b3
- SSDEEP: 12288:dmd0uLs9Uj4HFS8ZxPaUZNxdALhog+t6k:d/W4xWaZAFoHt6k
Score: 10/10

- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check so the payload can refuse to run in certain regions.
- Accesses Microsoft Outlook profiles: reads the stored mail profiles, a standard place for a stealer to harvest saved mail credentials.
- Looks up external IP address via web service: uses a legitimate IP lookup service to learn the infected system's public IP, which is then typically included in the exfiltrated report.
- Suspicious use of SetThreadContext: the thread-context rewrite that, together with a suspended child process and WriteProcessMemory, makes up the usual process hollowing or injection sequence.
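The four behaviour signatures above are what a sandbox derives from raw API and registry telemetry. As an added example (not the sandbox's own rule set), the block below maps constructed telemetry lines onto the report's signature names and checks the hollowing order around SetThreadContext. The registry paths (`Control Panel\International\Geo`, `Office\<ver>\Outlook\Profiles`), the IP lookup hostnames, the event line format and every pid and path in the sample log are assumptions made for the example, not values taken from this report.

```python
"""Match constructed sandbox-style telemetry lines against the behaviour
signatures named in the report, and detect the hollowing sequence that
turns a SetThreadContext call into a 'suspicious' one.
Added example; registry paths, hostnames and the log format are assumed."""
import re
from collections import OrderedDict
from typing import Dict, Iterable, List

# Constructed telemetry: "<time> pid=<caller> <api or event> <details>".
EVENTS = r"""
10:00:01 pid=4120 RegQueryValue HKCU\Control Panel\International\Geo\Nation
10:00:02 pid=4120 DNS query checkip.dyndns.org
10:00:02 pid=4120 HTTP GET http://checkip.dyndns.org/
10:00:03 pid=4120 RegOpenKey HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
10:00:04 pid=4120 CreateProcess host.exe flags=CREATE_SUSPENDED target_pid=5016
10:00:04 pid=4120 WriteProcessMemory target_pid=5016
10:00:04 pid=4120 SetThreadContext target_pid=5016
10:00:04 pid=4120 ResumeThread target_pid=5016
10:00:05 pid=4120 SetThreadContext target_pid=4120
""".strip().splitlines()

# Signature name from the report -> regexes over one event line that imply it.
# Registry keys and lookup hosts are assumed typical triggers, not page data.
SIGNATURES = OrderedDict([
    ("Checks computer location settings", [
        re.compile(r"RegQueryValue.*\\Control Panel\\International\\Geo\\(Nation|Name)", re.I),
    ]),
    ("Accesses Microsoft Outlook profiles", [
        re.compile(r"Reg(Open|Query).*\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles", re.I),
    ]),
    ("Looks up external IP address via web service", [
        re.compile(r"(DNS|HTTP).*\b(checkip\.dyndns\.org|api\.ipify\.org|ip-api\.com)\b", re.I),
    ]),
    ("Suspicious use of SetThreadContext", [
        re.compile(r"\bSetThreadContext\b.*target_pid=(?P<pid>\d+)", re.I),
    ]),
])

# Order of cross-process calls that constitutes hollowing/injection.
HOLLOW_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def match_signatures(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Return {signature name: [matching lines]} for the given telemetry."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        caller = re.search(r"\bpid=(\d+)", line)
        for name, patterns in SIGNATURES.items():
            for pat in patterns:
                m = pat.search(line)
                if not m:
                    continue
                # SetThreadContext on the caller's own process is ordinary;
                # the signature means the context of a foreign process was set.
                if name == "Suspicious use of SetThreadContext":
                    if caller and m.group("pid") == caller.group(1):
                        continue
                hits.setdefault(name, []).append(line.strip())
    return hits


def hollowing_targets(lines: Iterable[str]) -> List[str]:
    """Return target pids that received WriteProcessMemory, SetThreadContext
    and ResumeThread in that order (a partial or out-of-order set does not count)."""
    progress: Dict[str, int] = {}   # target pid -> index of the next expected step
    completed: List[str] = []
    for line in lines:
        m = re.search(r"\b(\w+) target_pid=(\d+)", line)
        if not m:
            continue
        api, pid = m.group(1), m.group(2)
        step = progress.get(pid, 0)
        if step < len(HOLLOW_STEPS) and api == HOLLOW_STEPS[step]:
            progress[pid] = step + 1
            if progress[pid] == len(HOLLOW_STEPS):
                completed.append(pid)
    return completed


if __name__ == "__main__":
    for name, lines in match_signatures(EVENTS).items():
        print(f"[{name}]")
        for ln in lines:
            print("   ", ln)
    print("hollowing targets:", hollowing_targets(EVENTS))
```

The self-targeted SetThreadContext on the last sample line is deliberately left unmatched: a process legitimately sets the context of its own threads, and firing on every call would make the signature useless. The sequence check is what justifies the word "suspicious" in the report.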