General
-
Target
e52aefae051cf2ccb0a5167f934fb962_JaffaCakes118
-
Size
709KB
-
Sample
241212-hhavsatlhx
-
MD5
e52aefae051cf2ccb0a5167f934fb962
-
SHA1
90b4a3591719e45bf10fcccab82071147811a996
-
SHA256
d66e6332874f85b47e9d2aa3c2b27d91a4bd42546e7e0ed2ccaf3556bc8130aa
-
SHA512
5b5f9301802c1c15aa07a21557697cf1f4eb2d471e2883e42874e7bcbe0228539fec022e2f17084d14e408c26429f4769a117f79dfc00fd994550d299fbfb174
-
SSDEEP
12288:BcWfHK7zhBtrf+7XcY8EouJRJANGogetMMhT28RQNgEwJCElkM:lCFBtr1Y8EouJRJAGPqMwRQNg3I+kM
Static task
static1
Behavioral task
behavioral1
Sample
e52aefae051cf2ccb0a5167f934fb962_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
e52aefae051cf2ccb0a5167f934fb962_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.diktasltd.com.tr - Port:
587 - Username:
[email protected] - Password:
y7W3-vH?3{7C - Email To:
[email protected]
Targets
-
-
Target
e52aefae051cf2ccb0a5167f934fb962_JaffaCakes118
-
Size
709KB
-
MD5
e52aefae051cf2ccb0a5167f934fb962
-
SHA1
90b4a3591719e45bf10fcccab82071147811a996
-
SHA256
d66e6332874f85b47e9d2aa3c2b27d91a4bd42546e7e0ed2ccaf3556bc8130aa
-
SHA512
5b5f9301802c1c15aa07a21557697cf1f4eb2d471e2883e42874e7bcbe0228539fec022e2f17084d14e408c26429f4769a117f79dfc00fd994550d299fbfb174
-
SSDEEP
12288:BcWfHK7zhBtrf+7XcY8EouJRJANGogetMMhT28RQNgEwJCElkM:lCFBtr1Y8EouJRJAGPqMwRQNg3I+kM
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-