General
-
Target
3fe2596f06b31058fb5614b5d9f7bc0f_JaffaCakes118
-
Size
682KB
-
Sample
240713-c83qlascrn
-
MD5
3fe2596f06b31058fb5614b5d9f7bc0f
-
SHA1
6940ec12152682a3c89a305b3ec8fdb3fbcccd20
-
SHA256
14aa67b289452fbb68197a676f9a291aae35cd72c3bc7b425e7c42645aac6d65
-
SHA512
b04a6f6127c93487df80485adc65af14060e8c931dc3cd500b0ef5fe0f5e45a33dc6e02a308c160485612ce30bef4a4d369e9c15d3eb0a52ae5041201dce1716
-
SSDEEP
12288:JDs0V8RmEVoxYZuCTLWIZZBNt43NEemWZmqj:dnyRmEZuCHLNt43Nkw
Static task
static1
Behavioral task
behavioral1
Sample
3fe2596f06b31058fb5614b5d9f7bc0f_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3fe2596f06b31058fb5614b5d9f7bc0f_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
lz0xkoqy.dll
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
lz0xkoqy.dll
Resource
win10v2004-20240709-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot1171994922:AAHrYAv7JIpM5hzPMScAJJOdE7TBb00NwJY/sendMessage?chat_id=1194949947
Targets
-
-
Target
3fe2596f06b31058fb5614b5d9f7bc0f_JaffaCakes118
-
Size
682KB
-
MD5
3fe2596f06b31058fb5614b5d9f7bc0f
-
SHA1
6940ec12152682a3c89a305b3ec8fdb3fbcccd20
-
SHA256
14aa67b289452fbb68197a676f9a291aae35cd72c3bc7b425e7c42645aac6d65
-
SHA512
b04a6f6127c93487df80485adc65af14060e8c931dc3cd500b0ef5fe0f5e45a33dc6e02a308c160485612ce30bef4a4d369e9c15d3eb0a52ae5041201dce1716
-
SSDEEP
12288:JDs0V8RmEVoxYZuCTLWIZZBNt43NEemWZmqj:dnyRmEZuCHLNt43Nkw
Score10/10-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
fccff8cb7a1067e23fd2e2b63971a8e1
-
SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91
-
SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
-
SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
-
SSDEEP
192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score3/10 -
-
-
Target
lz0xkoqy.dll
-
Size
11KB
-
MD5
1dc8118acd04962a04f537c7dabe17be
-
SHA1
c04648b207433324803c595b22efaafc2423bfd3
-
SHA256
de757495d61e622adffed7588acdb5eba2f18734c13eaf9e25949779f2cb75fe
-
SHA512
54107302bff8bfe9179f969f13045f83281ae9aef8ab2e723f0aa540fc46dc86d2a23b79ecfd6700b2fedbf3cf729a0693887bbad772fa993a5a7ee8bb9c0475
-
SSDEEP
192:IRkq0eddH2mOTFM6tlPFfYamGaGQITKzWAg8CRuDqxz6:QkS8FMOl9g0aZITQ6R5
Score3/10 -