General

Target: 3c79639ff8699d1ec0154d6d6eac37db_JaffaCakes118
Size: 1.2MB
Sample: 240712-janbkswdqa
MD5: 3c79639ff8699d1ec0154d6d6eac37db
SHA1: b9f420d4c8c85e56876891f8521e4dab38ae0a15
SHA256: 77d20e04d420adbb732bdd2d365afa1ce9b85585c443c894039bc972d88a9353
SHA512: c60cffb5633787520a5225b453c0a578bb263f24c780759358c03b6a564836b8200164cbdb773d49e3fb8c4ac5e2349aa78b0fa9f1ff097a2b993527af157604
SSDEEP: 12288:OpoAjC84Mab0k/05qD4xgca8ndRg9SRmINmnxjA:MC9MY4xXa8dQSWZA
Static task: static1

Behavioral task: behavioral1
  Sample: McDERMOTT STANDARD TERMS AND CONDITIONS(Inclusive of Appendix Kakinada - R0186232.exe
  Resource: win7-20240705-en

Behavioral task: behavioral2
  Sample: McDERMOTT STANDARD TERMS AND CONDITIONS(Inclusive of Appendix Kakinada - R0186232.exe
  Resource: win10v2004-20240709-en
Malware Config

Extracted: snakekeylogger
Protocol: ftp
Host: ftp://bitrix370.timeweb.ru/
Port: 21
Username: cn94754
Password: c2eitfpidhgS
Targets

Target: McDERMOTT STANDARD TERMS AND CONDITIONS(Inclusive of Appendix Kakinada - R0186232.exe
Size: 713KB
MD5: 343a265bfdb9b15f6b99db339112d799
SHA1: 4a9a4a28d2cd8f5da07be8bd6602c753635b5436
SHA256: 45b183f3ab8e0ad421664b353e4951aa08d3f2e0ee0667a5b10d4dba5e5bb691
SHA512: c666bc106d903cbabb203dabfd497bcdb79483d5ea3d2288fe767d427ee96c606c578e4628b93bc4f8a8590114f69641ab3109d2a9aefa0e39270c3d1b1882c0
SSDEEP: 12288:ZpoAjC84Mab0k/05qD4xgca8ndRg9SRmINmnxjA:fC9MY4xXa8dQSWZA
Score: 10/10

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles: the profile store holds saved account settings and credentials, a common theft target.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: typically seen when execution is redirected inside another process (process hollowing or thread hijacking).
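As an added example, not part of this Triage report, the following Python script turns the extracted config and the behavioural signatures above into host-level detection logic run over a few lines of constructed telemetry. Only the FTP C2 host and port are taken from the report; the registry paths (the Windows GeoID key and the Outlook profile key), the IP-lookup domains, the log line format and the sample events are assumptions made for illustration, not artifacts from the sample.

```python
"""
Added example, not part of this Triage report: a small detector that walks
constructed endpoint telemetry and flags the behaviours the report lists.
Only the FTP C2 host and port come from the report's extracted config; the
registry paths, the IP-lookup domains, the log format and the sample events
are assumptions made for illustration.
"""
import re

# From the report's extracted Snake Keylogger config (exfiltration over FTP).
C2_FTP_HOST = "bitrix370.timeweb.ru"
C2_FTP_PORT = 21

# Assumptions (not stated in the report): where Windows keeps the configured
# country (GeoID) that a geofence check would read, where Outlook stores mail
# profiles, and common "what is my IP" services keyloggers query.
GEO_REGISTRY_KEY = r"HKCU\Control Panel\International\Geo\Nation"
OUTLOOK_PROFILE_MARKER = r"\outlook\profiles"
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com"}

# Weaker behaviours that also occur in benign software; scored together.
BEHAVIOUR_FLAGS = {
    "geofence_check", "outlook_profile_access",
    "external_ip_lookup", "set_thread_context",
}

# Constructed telemetry, one event per line: <pid> <event> key="value" ...
SAMPLE_LOG = r'''
1337 reg_query key="HKCU\Control Panel\International\Geo\Nation"
1337 net_connect dst="checkip.dyndns.org" port="80"
1337 reg_query key="HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"
1337 thread_set_context target_pid="2048"
1337 net_connect dst="bitrix370.timeweb.ru" port="21"
4242 net_connect dst="update.example.org" port="443"
'''

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<event>\w+)\s*(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Return (pid, event, attrs) for one telemetry line, or None if malformed."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    attrs = dict(KV_RE.findall(m.group("rest")))
    return int(m.group("pid")), m.group("event"), attrs


def analyse(log_text):
    """Map each pid to the set of flagged behaviours seen in log_text."""
    findings = {}
    for line in log_text.splitlines():
        parsed = parse_event(line)
        if parsed is None:
            continue  # blank or malformed line
        pid, event, a = parsed
        flags = findings.setdefault(pid, set())
        if event == "reg_query":
            key = a.get("key", "").lower()
            if key == GEO_REGISTRY_KEY.lower():
                flags.add("geofence_check")
            if OUTLOOK_PROFILE_MARKER in key:
                flags.add("outlook_profile_access")
        elif event == "net_connect":
            dst = a.get("dst", "").lower()
            port = int(a.get("port", "0"))
            if dst in IP_LOOKUP_HOSTS:
                flags.add("external_ip_lookup")
            if dst == C2_FTP_HOST and port == C2_FTP_PORT:
                flags.add("ftp_to_known_c2")
        elif event == "thread_set_context":
            flags.add("set_thread_context")
    return findings


def verdict(flags):
    """A connection to the configured C2 is conclusive on its own; otherwise
    require several of the weaker behaviours together."""
    if "ftp_to_known_c2" in flags:
        return "malicious"
    if len(flags & BEHAVIOUR_FLAGS) >= 3:
        return "suspicious"
    return "benign"


if __name__ == "__main__":
    for pid, flags in analyse(SAMPLE_LOG).items():
        print(pid, verdict(flags), sorted(flags))
```

The C2 match is the only high-confidence indicator: the FTP credentials are hard-coded in the sample, so any connection to that host on port 21 from a user process is worth an alert by itself. The other four behaviours are individually noisy (installers read the GeoID key, many updaters query an IP-lookup service, debuggers call SetThreadContext), so the verdict only escalates when several appear in the same process.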