General
- Target: 18fdfada20074a7e54f521d3e77d89df_JaffaCakes118
- Size: 581KB
- Sample: 240628-gd99eawhjr
- MD5: 18fdfada20074a7e54f521d3e77d89df
- SHA1: 792d21eb945c24e1c8051197a577b51fed93371f
- SHA256: 1dc2a4dd6e7e1525ff0e92f87bf12b95f62eb5750bdec7a41d40e49a3b2f9d81
- SHA512: 540314dd8eea5eea0a98d4c9e88522bd240c9714611fce646c8b948c4db9813de1db93dd86ea1e59003d59820bdca7a6b3a578731ed125bef63d3a2ff120eaef
- SSDEEP: 6144:3OJ0qvtMWjQ/TmzJBDT7n1l2VZfXHESjevnbzSef2/tkt4h2iByT9H6c7RuqcSSI:3M0qeVizJdv1lifrsbzq/Gt4gzZHD7A
Static task: static1
Behavioral task: behavioral1
- Sample: 18fdfada20074a7e54f521d3e77d89df_JaffaCakes118.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 18fdfada20074a7e54f521d3e77d89df_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.potagrup.com
- Port: 587
- Username: [email protected]
- Password: Pgrup@2021
Targets
- Target: 18fdfada20074a7e54f521d3e77d89df_JaffaCakes118
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext