Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_c368da96b56b5584411d55c00c55a4b0
-
Size
1.0MB
-
Sample
250109-kb5spaxjdr
-
MD5
c368da96b56b5584411d55c00c55a4b0
-
SHA1
ea04d8d13b0b2ab75607767ff283a1b67f773aea
-
SHA256
7fab4484ff1eba1d0ee9048c96a4daf0f8441c230bd6cf2f569c4bf775e8ccfe
-
SHA512
71adca49498725396a2756d4660e135a949ee986357251a9df9cdd92256bc1d0a51dcc1e65ef0935952690ea3c4e025dc31244297c764561d30975aefc037969
-
SSDEEP
12288:YSTgeyhP7VWYgnTQbpqrEgi5gl6iEC/MHmg789IW1dXg:nMhUVnkbpqrEgi53C/MHmg789IW1dXg
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_c368da96b56b5584411d55c00c55a4b0.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_c368da96b56b5584411d55c00c55a4b0.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
budgetn.shop - Port:
587 - Username:
[email protected] - Password:
eC~Z,TG&S9jM - Email To:
[email protected]
Targets
-
-
Target
JaffaCakes118_c368da96b56b5584411d55c00c55a4b0
-
Size
1.0MB
-
MD5
c368da96b56b5584411d55c00c55a4b0
-
SHA1
ea04d8d13b0b2ab75607767ff283a1b67f773aea
-
SHA256
7fab4484ff1eba1d0ee9048c96a4daf0f8441c230bd6cf2f569c4bf775e8ccfe
-
SHA512
71adca49498725396a2756d4660e135a949ee986357251a9df9cdd92256bc1d0a51dcc1e65ef0935952690ea3c4e025dc31244297c764561d30975aefc037969
-
SSDEEP
12288:YSTgeyhP7VWYgnTQbpqrEgi5gl6iEC/MHmg789IW1dXg:nMhUVnkbpqrEgi53C/MHmg789IW1dXg
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-