General
-
Target
2565a0f4855df3eabd24416d98e0a4c0_JaffaCakes118
-
Size
835KB
-
Sample
240704-k551jswdka
-
MD5
2565a0f4855df3eabd24416d98e0a4c0
-
SHA1
379bcb29b4899157f59862d901acb577bc250ee8
-
SHA256
c382978c4fbc471e61a6c4d874c41231f38da448436a36638d460ce79a272b2c
-
SHA512
ccf4f5853c627ced3b55f583c8c6e34ea9e5d0ed9dde661609ba0d0988305d07e59f6c6cbee78cd6c22ee5a03ae5d34154db370e1994b06b8be8aeeadf9abeec
-
SSDEEP
12288:QYR3JrNmiQEU6BVwU8Ftib/09ffhg5IA/D5q2vyZLswmNsvhvXLepqc:QYpJrNG6+U8DiSfhg5IUPvylssb
Static task
static1
Behavioral task
behavioral1
Sample
2565a0f4855df3eabd24416d98e0a4c0_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2565a0f4855df3eabd24416d98e0a4c0_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: ftp- Host:
ftp://bitrix370.timeweb.ru/ - Port:
21 - Username:
cn94754 - Password:
c2eitfpidhgS
Targets
-
-
Target
2565a0f4855df3eabd24416d98e0a4c0_JaffaCakes118
-
Size
835KB
-
MD5
2565a0f4855df3eabd24416d98e0a4c0
-
SHA1
379bcb29b4899157f59862d901acb577bc250ee8
-
SHA256
c382978c4fbc471e61a6c4d874c41231f38da448436a36638d460ce79a272b2c
-
SHA512
ccf4f5853c627ced3b55f583c8c6e34ea9e5d0ed9dde661609ba0d0988305d07e59f6c6cbee78cd6c22ee5a03ae5d34154db370e1994b06b8be8aeeadf9abeec
-
SSDEEP
12288:QYR3JrNmiQEU6BVwU8Ftib/09ffhg5IA/D5q2vyZLswmNsvhvXLepqc:QYpJrNG6+U8DiSfhg5IUPvylssb
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-