General
-
Target
ee3071fbf7d91381442734c6145a11fa_JaffaCakes118
-
Size
710KB
-
Sample
241214-lwjlmaznbm
-
MD5
ee3071fbf7d91381442734c6145a11fa
-
SHA1
ba0a843115aa24d3ea4734f9329d5b19ed435c20
-
SHA256
4ac9b6a9a2e4787dcf2f85ac31200933d3e3a01b9a0410c13ffc46277a1d3a16
-
SHA512
ad496a7b34ab9d842fa04069b051030ed840cd4b33fbf23aa09babaab9f34a5593e32b0a224c038f9d8ab17f1c61f611fb777b54cf9fc36ce060274e520dd936
-
SSDEEP
12288:+HauZjuFWsGB55UXkktw4mMz0VLmkeSsqqYvz+q84n86oAH5cC0oQJ0VU5V6fJKT:kZjNhuXkWwxMwDenWz+28mHSUUP6fJKT
Static task
static1
Behavioral task
behavioral1
Sample
ee3071fbf7d91381442734c6145a11fa_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
ee3071fbf7d91381442734c6145a11fa_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.bncfood.ly - Port:
587 - Username:
[email protected] - Password:
n7X=nOFS^O[[+a9{l$ - Email To:
[email protected]
Targets
-
-
Target
ee3071fbf7d91381442734c6145a11fa_JaffaCakes118
-
Size
710KB
-
MD5
ee3071fbf7d91381442734c6145a11fa
-
SHA1
ba0a843115aa24d3ea4734f9329d5b19ed435c20
-
SHA256
4ac9b6a9a2e4787dcf2f85ac31200933d3e3a01b9a0410c13ffc46277a1d3a16
-
SHA512
ad496a7b34ab9d842fa04069b051030ed840cd4b33fbf23aa09babaab9f34a5593e32b0a224c038f9d8ab17f1c61f611fb777b54cf9fc36ce060274e520dd936
-
SSDEEP
12288:+HauZjuFWsGB55UXkktw4mMz0VLmkeSsqqYvz+q84n86oAH5cC0oQJ0VU5V6fJKT:kZjNhuXkWwxMwDenWz+28mHSUUP6fJKT
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-