General
-
Target
08e24a3d689c7c7a9f4a1d29015be51b_JaffaCakes118
-
Size
1.2MB
-
Sample
240624-q4nyjaydrp
-
MD5
08e24a3d689c7c7a9f4a1d29015be51b
-
SHA1
0e314c8fcdfbc88521ddfc80b2984f3d587a982b
-
SHA256
9d6c737ffe3b5886f36b9883b3019361fc286845616dc9a757dde4b78901239b
-
SHA512
e9c654a054f7c29eab65cefcbc85e1dcdc3feefba28200bfca856b0751b350cb732e147b500038b476ac8f646afe5ba535a08a069feda2d75e3c45c34a9bee6e
-
SSDEEP
12288:vJ3X8mSiH1rKl/yLrXoWbd7elD3E7SvE2mvnVfP3ByxbE/wT1eNG:vJllVrKlyLrXoUL7SvOvBZyG45
Static task
static1
Behavioral task
behavioral1
Sample
08e24a3d689c7c7a9f4a1d29015be51b_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
08e24a3d689c7c7a9f4a1d29015be51b_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: ftp- Host:
ftp://bitrix370.timeweb.ru/ - Port:
21 - Username:
cn94754 - Password:
c2eitfpidhgS
Targets
-
-
Target
08e24a3d689c7c7a9f4a1d29015be51b_JaffaCakes118
-
Size
1.2MB
-
MD5
08e24a3d689c7c7a9f4a1d29015be51b
-
SHA1
0e314c8fcdfbc88521ddfc80b2984f3d587a982b
-
SHA256
9d6c737ffe3b5886f36b9883b3019361fc286845616dc9a757dde4b78901239b
-
SHA512
e9c654a054f7c29eab65cefcbc85e1dcdc3feefba28200bfca856b0751b350cb732e147b500038b476ac8f646afe5ba535a08a069feda2d75e3c45c34a9bee6e
-
SSDEEP
12288:vJ3X8mSiH1rKl/yLrXoWbd7elD3E7SvE2mvnVfP3ByxbE/wT1eNG:vJllVrKlyLrXoUL7SvOvBZyG45
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-