General
-
Target
17932d00c3e824b75d39877a20c07f1a_JaffaCakes118
-
Size
655KB
-
Sample
240627-z78lsa1gjc
-
MD5
17932d00c3e824b75d39877a20c07f1a
-
SHA1
f3bd48f9b3a940f4c430a15d61b8d63cb6bcf797
-
SHA256
1cb8fe9e0457c4b0f986f45462b5c35c595374f045a52f0e19a40a9bd8b79195
-
SHA512
ea163cd5d7e9180e0bb98e5cd2af203c1cc66cc022268433d2cf633f34e9644439988d72b6054944f1bb8826824241aaf581e7ce76ace60df98f4b85f547de5b
-
SSDEEP
12288:IUWEPY6SmvdApQ36kP8Vs8w3zdF4KPH8k9JXm8CNupL0IKwQc7K4j:IUhg6Smvdw1ps7zwKEWC4pL0Iyc7B
Static task
static1
Behavioral task
behavioral1
Sample
SOA your client has an outstanding amount of 60.690€..exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
SOA your client has an outstanding amount of 60.690€..exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: ftp
Host: ftp://bitrix370.timeweb.ru/
Port: 21
Username: cn94754
Password: c2eitfpidhgS
Targets
-
Target
SOA your client has an outstanding amount of 60.690€..exe
-
Size
2.0MB
-
MD5
92c83a8f67d64aef2b94f1b79ad2f538
-
SHA1
a169688d6044aec9d97407f4350316d238cf17e0
-
SHA256
9cb0c51bde1990ee8ac844aba1a8c1f18cc22e8a573f3363214afff4c3959f5f
-
SHA512
3529dbd000605b6553c22e8c4b2f22aedbb82893786d07a0a41e5f2b053c7ffbcad9e2be2e7527ed163b571c7651a9000c9674a6c9c16d93b26342f2a1572eb2
-
SSDEEP
24576:JySTmL6R8NmtyoN25ONpbMTiCr8dEb4UJKW1mZLFeCXDMDYDL7:7TqmJ250W3b4UJKW1mZLFeCXDMDYDL
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-