General
-
Target
04bd01c5343cef0a9eb0f9809c38a6d2_JaffaCakes118
-
Size
529KB
-
Sample
240623-bse4xsxgnn
-
MD5
04bd01c5343cef0a9eb0f9809c38a6d2
-
SHA1
b328b14774af852bda4f2b920c0edd51fbde628c
-
SHA256
b8fa22ad08fdaffe595e3a99a93332682853a3f20c16c2432ece2298b54a4c5f
-
SHA512
28ed5053005752ce4ed9d9be418fc0291ac427a2852eabb17726e10c35ab1bb36e479b71b131ae8f3f4a2b4148e520f71c7e209465f23986f84d8102ab927c5e
-
SSDEEP
12288:jvaeRgxSr1xU+foFkTvDXZqoO4Mr1FyNEukjDw60cI1ocq5fAVL:jXTr3UbWDDXhO4M5F2kjkr
Static task
static1
Behavioral task
behavioral1
Sample
04bd01c5343cef0a9eb0f9809c38a6d2_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
04bd01c5343cef0a9eb0f9809c38a6d2_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
Moneymatter@123 - Email To:
[email protected]
Targets
-
-
Target
04bd01c5343cef0a9eb0f9809c38a6d2_JaffaCakes118
-
Size
529KB
-
MD5
04bd01c5343cef0a9eb0f9809c38a6d2
-
SHA1
b328b14774af852bda4f2b920c0edd51fbde628c
-
SHA256
b8fa22ad08fdaffe595e3a99a93332682853a3f20c16c2432ece2298b54a4c5f
-
SHA512
28ed5053005752ce4ed9d9be418fc0291ac427a2852eabb17726e10c35ab1bb36e479b71b131ae8f3f4a2b4148e520f71c7e209465f23986f84d8102ab927c5e
-
SSDEEP
12288:jvaeRgxSr1xU+foFkTvDXZqoO4Mr1FyNEukjDw60cI1ocq5fAVL:jXTr3UbWDDXhO4M5F2kjkr
Score10/10-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-