General
-
Target
1061052e6af2a0c5b93bd3208b799b53_JaffaCakes118
-
Size
1.2MB
-
Sample
240626-cnhjxsyekg
-
MD5
1061052e6af2a0c5b93bd3208b799b53
-
SHA1
ae2717741a67a667810bc1acd0d2410fb3f123c7
-
SHA256
dd52c7558bea0e028364a138ed99a13962d0d8ac14c5c17b8645741ac82792bb
-
SHA512
53719347af2891281e8152538d700d03f1fe1f8226ad336a2be6d0da6d09c85aaa3c281a59465ea29c5a6e1d87729bd814a15e390e7bc2b19edb95f5aa0913ee
-
SSDEEP
12288:mmmWpzZDRj6jRPLjRPqjBjjyjBjBjBjBjLjuY1amldaailF/d85+BpNij60ToZUh:E1aAOFJT26IEIXj450RRe9cV
Static task
static1
Behavioral task
behavioral1
Sample
1061052e6af2a0c5b93bd3208b799b53_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1061052e6af2a0c5b93bd3208b799b53_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot1634002210:AAGipukUEr-bNBgl2R1_hwFgfb9ez_v6wzE/sendMessage?chat_id=1401219117
Targets
Target
1061052e6af2a0c5b93bd3208b799b53_JaffaCakes118
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-