General
-
Target
403f34eceedc86a71afe4aaa73953904_JaffaCakes118
-
Size
584KB
-
Sample
240713-fcyzbawelm
-
MD5
403f34eceedc86a71afe4aaa73953904
-
SHA1
5953895b5b47a16134b4659727a312af751dbe80
-
SHA256
707b7a71040cf271f095df37823268efda90905603fa025719806b68edf13045
-
SHA512
b2f9137440475570e414d478c7cdd8553ab11e73f1528284f5211d1ba630bbdf617bd19aca996bce8a04491bd27f4973917b5419a87980f292bd2431a8dbe545
-
SSDEEP
12288:ewcxouasTQ1ATxEVVVunnLv6pTqyyA+OEV6XEMRjnbRvV:ew2outdWViOpTqz5MRjn
Static task
static1
Behavioral task
behavioral1
Sample
403f34eceedc86a71afe4aaa73953904_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
403f34eceedc86a71afe4aaa73953904_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot1696248561:AAELXu6APanbtx1va3V24yWuQqYB4lDCkBI/sendMessage?chat_id=1594516081
Targets
-
-
Target
403f34eceedc86a71afe4aaa73953904_JaffaCakes118
-
Size
584KB
-
MD5
403f34eceedc86a71afe4aaa73953904
-
SHA1
5953895b5b47a16134b4659727a312af751dbe80
-
SHA256
707b7a71040cf271f095df37823268efda90905603fa025719806b68edf13045
-
SHA512
b2f9137440475570e414d478c7cdd8553ab11e73f1528284f5211d1ba630bbdf617bd19aca996bce8a04491bd27f4973917b5419a87980f292bd2431a8dbe545
-
SSDEEP
12288:ewcxouasTQ1ATxEVVVunnLv6pTqyyA+OEV6XEMRjnbRvV:ew2outdWViOpTqz5MRjn
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-