General
Target: 0aa00f0470dc38c15fe8e99376c5e272_JaffaCakes118
Size: 1.1MB
Sample: 240624-yy9baa1clg
MD5: 0aa00f0470dc38c15fe8e99376c5e272
SHA1: e5ac210cb54910b2b21ce1845675540b5fdb049e
SHA256: 87b3487f64f3be55dd90700c67617d28a65457759e801cefd5369872e3dc2c7f
SHA512: 4ccc93058ff0d7db90547713abe8c48985cd7ffe28ac74bdea89967d3ee5003cc3fbf7402e7effe210032a131c314b96fe9bb94b30045b0becc69fae982a029d
SSDEEP: 12288:GVmMp+Nj6jRPLjRPqjBjjyjBjBjBjBjLj3QoL6o2LE59w8t1chat8Z2hWfTa5hBt:EQpo2LY241cMt7h2Tacul1aWM8M5
Static task: static1
Behavioral task: behavioral1
- Sample: 0aa00f0470dc38c15fe8e99376c5e272_JaffaCakes118.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 0aa00f0470dc38c15fe8e99376c5e272_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: snakekeylogger
C2: https://api.telegram.org/bot1599185091:AAFwjZ99E4P1IuAWSo1Ue568J97WLOPoV88/sendMessage?chat_id=652007142
The C2 is the Telegram Bot API sendMessage endpoint: the bot token (numeric bot id, a colon, then the secret) sits in the URL path after /bot, and the chat_id query parameter identifies the chat that receives the stolen data. Both values are static IOCs for this build and can be used directly in egress-proxy hunting.
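The Python below is an added example, not part of the sandbox report or of the malware's own code. It parses a Telegram Bot API exfiltration URL such as the one extracted above into bot id, token, method and chat_id, then hunts for Bot API traffic in proxy logs, marking lines that match the extracted token and chat as a known C2 hit and any other sendMessage call as worth review. The proxy log lines and their "timestamp client method url status" layout are constructed for illustration.

```python
"""Parse a Snake Keylogger Telegram exfiltration URL and hunt for it in proxy logs."""
import re
from urllib.parse import parse_qs, urlsplit

# Exfiltration URL as extracted in the sandbox report.
EXTRACTED_C2 = ("https://api.telegram.org/bot1599185091:AAFwjZ99E4P1IuAWSo1Ue568J97WLOPoV88"
                "/sendMessage?chat_id=652007142")

# Bot API paths look like /bot<bot id>:<secret>/<method>.
TELEGRAM_BOT_PATH = re.compile(r"^/bot(?P<token>\d+:[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")


def parse_telegram_c2(url):
    """Return a dict with bot_id, token, method and chat_id for a Bot API URL, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(parts.path)
    if not m:
        return None
    token = m.group("token")
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": token.split(":", 1)[0],
        "token": token,
        "method": m.group("method"),
        "chat_id": chat_id,
    }


# Constructed proxy log (not from the report): "timestamp client method url status".
SAMPLE_PROXY_LOG = """\
2024-06-24T10:01:03Z 10.0.0.15 POST https://api.telegram.org/bot1599185091:AAFwjZ99E4P1IuAWSo1Ue568J97WLOPoV88/sendMessage?chat_id=652007142 200
2024-06-24T10:02:10Z 10.0.0.22 GET https://api.telegram.org/bot4444:zzzz/getUpdates 200
2024-06-24T10:03:00Z 10.0.0.30 GET https://example.org/index.html 200
"""


def hunt_proxy_log(log_text, known):
    """Flag Telegram Bot API traffic; lines matching the extracted bot/chat become 'known_c2'."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash the hunt
        ts, client, _method, url = fields[:4]
        info = parse_telegram_c2(url)
        if info is None:
            continue
        if known and info["token"] == known["token"] and info["chat_id"] == known["chat_id"]:
            verdict = "known_c2"
        elif info["method"] == "sendMessage":
            verdict = "telegram_sendmessage"  # some bot is pushing data out: review it
        else:
            verdict = "telegram_bot_api"
        hits.append({"time": ts, "client": client, "verdict": verdict, "bot_id": info["bot_id"]})
    return hits


if __name__ == "__main__":
    known = parse_telegram_c2(EXTRACTED_C2)
    for hit in hunt_proxy_log(SAMPLE_PROXY_LOG, known):
        print(hit)
```

Matching on the full token rather than only the host keeps legitimate Telegram bot use out of the known-C2 bucket; where no business process relies on bots, blocking api.telegram.org/bot*/ at the egress proxy removes this exfiltration channel outright.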
Targets
Target: 0aa00f0470dc38c15fe8e99376c5e272_JaffaCakes118
Score: 10/10
Signatures:
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: changing another thread's context is a standard step in process hollowing (start a legitimate process suspended, overwrite its image with the payload, point the thread at the new entry, resume). The API is also used legitimately by debuggers, so correlate it with a suspended child process and cross-process memory writes before treating it as injection on its own.