General

Target: 16334d583f283283426deeae30d96926_JaffaCakes118
Size: 746KB
Sample: 240627-qycnbawemq
MD5: 16334d583f283283426deeae30d96926
SHA1: 7c0510feac969d8110b7eb9ad867fcd2db1f1360
SHA256: 346838cb6803df92a264b5f355b5a5f6de79dd3c6bb61b26187cd86df96d44ac
SHA512: 740b43084864b7f2802e877657146770b73b2ed0617566097d04693865ba9f7d1fd3f9212b056b07d59cedb1a39e220dc4004c1b49513e0f746e68479c529e19
SSDEEP: 12288:ZiDH1gDKcFRdrZjtE4rByjrhw6ct8NCmdyfwasqipKO29c:0gDKcFRdrF240jW3tsdyRipKO29c
Static task: static1

Behavioral task: behavioral1
Sample: Medisave Order 180827.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: Medisave Order 180827.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: $PLUGINSDIR/System.dll
Resource: win7-20240611-en

Behavioral task: behavioral4
Sample: $PLUGINSDIR/System.dll
Resource: win10v2004-20240611-en

Behavioral task: behavioral5
Sample: 8d144.dll
Resource: win7-20240508-en

Behavioral task: behavioral6
Sample: 8d144.dll
Resource: win10v2004-20240508-en
Malware Config

Extracted family: snakekeylogger
C2 (Telegram Bot API sendMessage endpoint, bot token and chat_id embedded in the URL): https://api.telegram.org/bot1253930875:AAHtgtSce_nZyxAmWaCL8F3TRro9rp-ilvI/sendMessage?chat_id=1323227338
Targets

Target: Medisave Order 180827.exe
Size: 684KB
MD5: 33a761dbe5930c762f7f88f7d733a7fe
SHA1: 886c6d95005d2d5e9b2b9cb3f994826e49ba512e
SHA256: 9fb198089a3815b1b5ead8e5c11c087a92aa37769e3ab9fc3d09646557743d14
SHA512: 1f2488e3350451b77fe8abbeca5589d2ac4558b582dbaaddac16f2dc89cda6a4d00fcb2d4b287ab13cd0dbcab11fdb598a21aec1c524cc65ea56f6bc1596e67f
SSDEEP: 12288:NiDH1gDKcFRdrZjtE4rByjrhw6ct8NCmdyfwasqipKO29cX:QgDKcFRdrF240jW3tsdyRipKO29cX
Score: 10/10

- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (an API commonly used for process injection)
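The extracted config and the "Looks up external IP address" signature above are the two network artefacts a defender can act on. The following Python is an added example, not part of the sandbox report or of any tool it references: it splits the report's Telegram Bot API URL into its IOC fields (bot id, token, method, chat_id), then applies the same check plus an IP-lookup-host check to a few constructed proxy log lines and correlates the two per client. The log lines, the log format and the list of IP lookup hosts are assumptions made for the example; the report does not name the lookup service the sample used.

```python
import re
from urllib.parse import urlsplit, parse_qs

# URL copied from the report's extracted snakekeylogger config.
EXTRACTED_C2 = (
    "https://api.telegram.org/bot1253930875:AAHtgtSce_nZyxAmWaCL8F3TRro9rp-ilvI"
    "/sendMessage?chat_id=1323227338"
)

# Telegram Bot API paths look like /bot<bot_id>:<secret>/<method>.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)

# Assumption for the example: hosts a stealer might query for its external IP.
# The report only says "a legitimate IP lookup service" and does not name one.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com",
}


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into IOC fields; None if it is not one."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if m is None:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": chat_id,
    }


def classify_request(url):
    """Label a URL as 'telegram_exfil', 'ip_lookup' or None."""
    if parse_telegram_c2(url) is not None:
        return "telegram_exfil"
    host = (urlsplit(url).hostname or "").lower()
    if host in IP_LOOKUP_HOSTS:
        return "ip_lookup"
    return None


# Constructed proxy log format (assumed): "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_log(lines):
    """Return (client_ip, verdict, url) for every line that earns a verdict."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # skip lines that do not fit the expected format
        _ts, client, _method, url, _status = m.groups()
        verdict = classify_request(url)
        if verdict is not None:
            hits.append((client, verdict, url))
    return hits


def high_confidence_clients(hits):
    """Clients that made both an IP lookup and a Telegram Bot API request.

    That pairing mirrors the report's behaviour (external IP lookup plus
    Telegram exfil) and is far rarer on a corporate network than either alone.
    """
    seen = {}
    for client, verdict, _url in hits:
        seen.setdefault(client, set()).add(verdict)
    return sorted(c for c, v in seen.items() if {"ip_lookup", "telegram_exfil"} <= v)


# Constructed sample log (not from the report); 10.0.0.15 plays the infected host.
SAMPLE_LOG = [
    "2024-06-27T10:01:02Z 10.0.0.15 GET http://checkip.dyndns.org/ 200",
    "2024-06-27T10:01:03Z 10.0.0.15 POST " + EXTRACTED_C2 + " 200",
    "2024-06-27T10:02:10Z 10.0.0.22 GET https://www.example.com/index.html 200",
    "2024-06-27T10:03:44Z 10.0.0.31 GET https://api.ipify.org/?format=json 200",
]

if __name__ == "__main__":
    print(parse_telegram_c2(EXTRACTED_C2))
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print("high confidence:", high_confidence_clients(scan_log(SAMPLE_LOG)))
```

The bot id (the numeric part before the colon) is the stable pivot: the secret can be rotated, but the bot id and chat_id tie samples from the same operator together. Legitimate Telegram bot traffic does exist, so in production keep an allowlist of known bot ids and treat the IP lookup plus Bot API pairing, not either event alone, as the alert condition.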
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: fccff8cb7a1067e23fd2e2b63971a8e1
SHA1: 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
SHA256: 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
SHA512: f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
SSDEEP: 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score: 3/10

Target: 8d144.dll
Size: 10KB
MD5: fcaca1b9ad5fe0bfed523839d37ecf27
SHA1: 66fdce05606bc861b42fec41b0505668ac21defe
SHA256: 3f36bb6084f358696601a687bee93c006bdbb4155a16603ad350d83093a94417
SHA512: 41b2144eef175e61a9dc417dd8556f653268584ef82c44132b2d505f00dad488dffce370beffeabf322ecf8cfa3cdad6f80b7f3fab8e0a29941aafe77e9c564c
SSDEEP: 192:WLk0vuR9jECxj2EFlr9fKxGxWifbv32LZgEJ:WHGbjdp2KrhKIUizv32LZ
Score: 3/10