General
-
Target
f5ca8f415aea09611a9aa9d3c6bd1a2c_JaffaCakes118
-
Size
1.9MB
-
Sample
241215-z7vd6axna1
-
MD5
f5ca8f415aea09611a9aa9d3c6bd1a2c
-
SHA1
438276787f950bf79393b0903883fff232684e76
-
SHA256
93e4528267157334ef0d55c3f378ce7f862c00d7c49a9215d8a7426188dda454
-
SHA512
311884f53e7b21e0d9ddb1ed44b7e3977662502b0549bc000cb17548c5ae3e480baf4d6d827a2f9a2133ef457575c2561830f7dc8a7183e836f81e9dc9a71750
-
SSDEEP
12288:WC3hpINYoA3P1/GyjcOgHf4uvP9H539XKfalV7T2fXOk/HmUVppUuEVCHo:WCTIN7EZVjcZHf4YbN6UV7T2fXOvOQ
Static task
static1
Behavioral task
behavioral1
Sample
BE-IZ-Q-1278-21 - TECHNICAL.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
BE-IZ-Q-1278-21 - TECHNICAL.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.fireacoustics.com - Port:
587 - Username:
[email protected] - Password:
_d:rzD~62Jxh - Email To:
[email protected]
Targets
-
-
Target
BE-IZ-Q-1278-21 - TECHNICAL.exe
-
Size
1.3MB
-
MD5
9c032d7fbfdfe2064f850a9f2f0cfcaa
-
SHA1
81633e6bb46148fff7f81330c5ca43b055f17be0
-
SHA256
522ef9da580292e5ef0de44c4c3522f8f4fea1f4248467ff66a7d638be7a305c
-
SHA512
50df0bb3764e014c1cdb888c5984a2c0b8439be232e90eacceeb9a517354456858a4327b0194da72facddafb4a4ace377340e54eb0919d3c2a8bf46d3d15cda7
-
SSDEEP
12288:MC3hpINYoA3P1/GyjcOgHf4uvP9H539XKfalV7T2fXOk/HmUVppUuEVCHo:MCTIN7EZVjcZHf4YbN6UV7T2fXOvOQ
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-