General
-
Target
1f26db950119bea7aab49e349da50f53_JaffaCakes118
-
Size
1.2MB
-
Sample
240702-nje4satfrq
-
MD5
1f26db950119bea7aab49e349da50f53
-
SHA1
30385c3cb46dd40acf5d99aeeb648d3c787774ab
-
SHA256
237f8b4365da5b034b1f6a0f9761dc8f472670a48de278636ca4751475e6f750
-
SHA512
d5528607809ec9d98eed10cb99f3ce5b9a02329e80e8581be94b58a71f8fb125320d42692bb1dbb74c12999336a869c17f707370de817e385f117b3d53955dda
-
SSDEEP
24576:nCYzHSvi7AYaf+dk+gzsYr8zjof+FqSzZX:DzPAYaf+2JzJYQf+FxzZX
Static task
static1
Behavioral task
behavioral1
Sample
1f26db950119bea7aab49e349da50f53_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1f26db950119bea7aab49e349da50f53_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
server204.web-hosting.com - Port:
587 - Username:
[email protected] - Password:
e6b?WrjNRgdC
Targets
-
-
Target
1f26db950119bea7aab49e349da50f53_JaffaCakes118
-
Size
1.2MB
-
MD5
1f26db950119bea7aab49e349da50f53
-
SHA1
30385c3cb46dd40acf5d99aeeb648d3c787774ab
-
SHA256
237f8b4365da5b034b1f6a0f9761dc8f472670a48de278636ca4751475e6f750
-
SHA512
d5528607809ec9d98eed10cb99f3ce5b9a02329e80e8581be94b58a71f8fb125320d42692bb1dbb74c12999336a869c17f707370de817e385f117b3d53955dda
-
SSDEEP
24576:nCYzHSvi7AYaf+dk+gzsYr8zjof+FqSzZX:DzPAYaf+2JzJYQf+FxzZX
Score10/10-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-