General
Target: 1454d63297f54fac97a7cc7d69cfaf2c_JaffaCakes118
Size: 333KB
Sample: 240627-cr474azhml
MD5: 1454d63297f54fac97a7cc7d69cfaf2c
SHA1: 3b7dc8e9f57f103ad717c7eddfe4c3ece4ea10f2
SHA256: 492e04190e54a639f1dd9ff77b0d6c2d29707f0367202c613cec98181cb53583
SHA512: 9c2a3c482785ce4aaaadbf2223ff4486157a7901cf05428f51abf28d06188ca383ebcf15f22abf695ebd2b32d76c0a677d889278943bd05ab9fb3c08ab6ed431
SSDEEP: 6144:emtVkERQ+3HwOXaIV4oAGGOnrTbK041EcJz7KzIemftw5TZxsHL0:iESoXaIVVPl41EIXKkLfC5NGo
Static task: static1
Behavioral task: behavioral1
Sample: 1454d63297f54fac97a7cc7d69cfaf2c_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 1454d63297f54fac97a7cc7d69cfaf2c_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.venusosgb.com
Port: 587
Username: [email protected]
Password: SX}5FZT_Lkmz
Email To: [email protected]
Targets
Target: 1454d63297f54fac97a7cc7d69cfaf2c_JaffaCakes118
Score: 10/10
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext