General
-
Target
16d90789e5f084514c2d3fc674ae8d72_JaffaCakes118
-
Size
581KB
-
Sample
240627-vxg9ma1glc
-
MD5
16d90789e5f084514c2d3fc674ae8d72
-
SHA1
c9c2a966add3580c6627f3497cbf2ebbc30ca11d
-
SHA256
cb0843ac3ea4a308ae15bfc9b8cffa8c99e417af1abf1527b89046ca8633918a
-
SHA512
7cacf206e52ab5629c4ecb14ce36cae01fd9772983e0243d2caa7ca664f895ee481525e467ac54b313feb4636a273f097337e1d8e06328aa3f22940cbf7c65e1
-
SSDEEP
6144:HOJ0qvtMWjQ/TMhw6MjFC7aZcYGIgW+CuilwH7WMwSfmwUJUtKJg0LVpAMYrTqs8:HM0qeVfbpC7olwH7WMwS+/CcJg0fAMO
Static task
static1
Behavioral task
behavioral1
Sample
16d90789e5f084514c2d3fc674ae8d72_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
16d90789e5f084514c2d3fc674ae8d72_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.potagrup.com - Port:
587 - Username:
[email protected] - Password:
Pgrup@2021
Targets
-
-
Target
16d90789e5f084514c2d3fc674ae8d72_JaffaCakes118
-
Size
581KB
-
MD5
16d90789e5f084514c2d3fc674ae8d72
-
SHA1
c9c2a966add3580c6627f3497cbf2ebbc30ca11d
-
SHA256
cb0843ac3ea4a308ae15bfc9b8cffa8c99e417af1abf1527b89046ca8633918a
-
SHA512
7cacf206e52ab5629c4ecb14ce36cae01fd9772983e0243d2caa7ca664f895ee481525e467ac54b313feb4636a273f097337e1d8e06328aa3f22940cbf7c65e1
-
SSDEEP
6144:HOJ0qvtMWjQ/TMhw6MjFC7aZcYGIgW+CuilwH7WMwSfmwUJUtKJg0LVpAMYrTqs8:HM0qeVfbpC7olwH7WMwS+/CcJg0fAMO
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-