General
Target: 9ff683e754ab8cc6d2c5f2745e650e22_JaffaCakes118
Size: 562KB
Sample: 241126-fpnn4ssmbq
MD5: 9ff683e754ab8cc6d2c5f2745e650e22
SHA1: d473712581653969d8f314dd11620bcfbcde3578
SHA256: 4e449fdff6df1acbaba9250bb8cb66e4674d49be190c0c9070ca3f5b8ee73435
SHA512: e32c713cd0a3d1bb6663af371acb4d8ddaf74a2a3db868e79a2e5f622ddaaa90c16614da6a4ea40acd8d2ea6feddf36579a42734414889341e4a74a2d4a565c0
SSDEEP: 12288:k9pUim21V+JsmuWLWiuyaWfIrP08Xou6PWkOS23lVnUn1Nv/pmHRF1M38H:hG68lZePh
Static task: static1
Behavioral task: behavioral1
  Sample: 9ff683e754ab8cc6d2c5f2745e650e22_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 9ff683e754ab8cc6d2c5f2745e650e22_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: snakekeylogger
C2: https://api.telegram.org/bot1740221425:AAEOVM7H7MhKkyXcbjQXPID2QnxGYTTnqCY/sendMessage?chat_id=1482312326
Targets
Target: 9ff683e754ab8cc6d2c5f2745e650e22_JaffaCakes118 (562KB; same hashes as listed under General above)
Score: 10/10
- Snake Keylogger payload
- Snakekeylogger family
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext