General
Target: 0876ca498a685cef7a18e10ce2507770_JaffaCakes118
Size: 580KB
Sample: 240624-php32a1gpg
MD5: 0876ca498a685cef7a18e10ce2507770
SHA1: fdef9951c2efd96aac0a959ce1f7cadf0c81a81f
SHA256: d10c9083a3d3d9be335be359663a84e78c71ed45d660a17a0c9106d7c0f94473
SHA512: 94b28c9d6fec38700c8e770b777fb044b35f1ecffd3ba64a4ad71456546827ef5fd7f9361728f4755eccd92ccb5f71ffe759d0aa689d6f558acf52120fabf050
SSDEEP: 12288:ysKR0tv4eYbw9cEtu/s8xcPWcw2dXaYcrajdzniZFQEobFj8E7EI+dR:PKRU1KwDLWz2Xo2VclmPF+dR
Static task: static1
Behavioral task: behavioral1
  Sample: 0876ca498a685cef7a18e10ce2507770_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 0876ca498a685cef7a18e10ce2507770_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/mdprekfxpw.dll
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/mdprekfxpw.dll
  Resource: win10v2004-20240508-en
Malware Config
Targets

Target: 0876ca498a685cef7a18e10ce2507770_JaffaCakes118
Size: 580KB
MD5: 0876ca498a685cef7a18e10ce2507770
SHA1: fdef9951c2efd96aac0a959ce1f7cadf0c81a81f
SHA256: d10c9083a3d3d9be335be359663a84e78c71ed45d660a17a0c9106d7c0f94473
SHA512: 94b28c9d6fec38700c8e770b777fb044b35f1ecffd3ba64a4ad71456546827ef5fd7f9361728f4755eccd92ccb5f71ffe759d0aa689d6f558acf52120fabf050
SSDEEP: 12288:ysKR0tv4eYbw9cEtu/s8xcPWcw2dXaYcrajdzniZFQEobFj8E7EI+dR:PKRU1KwDLWz2Xo2VclmPF+dR
Score: 10/10
- Snake Keylogger payload
- Loads dropped DLL
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/mdprekfxpw.dll
Size: 30KB
MD5: efb0b671be2543b0546371edebf02512
SHA1: 18f2872f1ea713401f39418dc378a4c67ca89040
SHA256: 5a4c2e67502068e7f97f7efc85d507bc703cf9fe505ff65624407f5a1aa057f0
SHA512: a97ca190be64a35d28bf98a27ef786489da871a113786f7eba3bf6faf302fa04e7b2c87d3decc5f4f12273ddc59a6285b0ea500af173e073929048300d11b76b
SSDEEP: 768:iYYsBQJDh7wN4Ce1k95WuPO8P9se1J4+iGTMDsJzqk0UNKC:ioBQJD6LPO8P9fC+iFsJvNb
Score: 10/10
- Snake Keylogger payload
- Blocklisted process makes network request
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
- Suspicious use of SetThreadContext