General
Target: 0b28fcec6aa92f1f82d76d4872608462_JaffaCakes118
Size: 1.2MB
Sample: 240624-24qmxazgln
MD5: 0b28fcec6aa92f1f82d76d4872608462
SHA1: 7f52fdba06bcce76a0630a33d55e6e04c4e6e438
SHA256: 691cadca061e29068534972b98fb0a23ab002241eda53bf756ac21fb83b51a63
SHA512: c0f8cd9bd43ca2c0fa8e7b66844461ebf0dc5f8698259063d029462eb70ab920501f7c5ec1e54502742c5917553d44880101f236565c05d765c4b0fac3882340
SSDEEP: 12288:FlxhGT/f7DSvWN1JuigLYVlaf+dhKeVnVBAzzZvwKD3ZvEVhpfNcNCHFb/LE:FAzHSvi7AYaf+dk+gzFopuC9LE
Static task: static1
Behavioral task: behavioral1
Sample: 0b28fcec6aa92f1f82d76d4872608462_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0b28fcec6aa92f1f82d76d4872608462_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: server51.web-hosting.com
Port: 587
Username: [email protected]
Password: Bb%RC~tLQ?4V
Targets
Target: 0b28fcec6aa92f1f82d76d4872608462_JaffaCakes118
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext