General

Target: 8996599ff87d740c55f576bafca8dd3a_JaffaCakes118
Size: 980KB
Sample: 240402-l291rsdg81
MD5: 8996599ff87d740c55f576bafca8dd3a
SHA1: 907f47d81a3c239518782aa451ed1adf143d1c8a
SHA256: 2c5d6d9f4466c9d4551ccc7c32b7be9bcfb2c8be7ef968928069ca054c12dd16
SHA512: 6d038b9ae9d7a014e98d0075a1c781bf5face0c4395754d92d4c81a86b85ba79ab1748ce10a895f68a4e01231b22b5e5fbbdade1df1d922855605424acf598ac
SSDEEP: 24576:RAHnh+eWsN3skA4RV1Hom2KXFmIayMS6BnuZTdg4Z5:oh+ZkldoPK1XayQuZqe
Static task: static1
Behavioral task: behavioral1
Sample: 8996599ff87d740c55f576bafca8dd3a_JaffaCakes118.exe
Resource: win7-20240221-en

Malware Config

Extracted family: pony
URLs recovered from the extracted configuration:
http://mgimpax.com/test/test/gate.php
http://visionhvac.in/www/WnFFIpXpxzNEWFILE.jar

Pony (also tracked as Fareit) is a credential stealer whose configuration carries two kinds of URL: the gate to which harvested credentials are POSTed (the gate.php endpoint above is the usual form of that gate) and optional download-and-execute URLs for follow-on payloads. The .jar URL is consistent with the second kind, so it should be treated as a likely second-stage download rather than a second gate. Both hostnames and both full URLs are indicators; a POST to the gate path from a host is the stronger signal, since it means credentials have already been collected.
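A small matcher for the network and file indicators in this report, run over proxy-log data. This is an added example and not part of the sandbox output; the log lines are constructed for illustration (a simple "client method url status" layout is assumed), while the URLs and hashes are copied from the report above.

```python
"""Match the IOCs from the Pony report against proxy-log lines and file hashes.

Added example; the log format and sample lines are constructed, the indicators
are the ones listed in the report.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the extracted config and the hash block above.
C2_URLS = [
    "http://mgimpax.com/test/test/gate.php",          # credential gate
    "http://visionhvac.in/www/WnFFIpXpxzNEWFILE.jar",  # likely payload download
]
SAMPLE_HASHES = {
    "md5": "8996599ff87d740c55f576bafca8dd3a",
    "sha1": "907f47d81a3c239518782aa451ed1adf143d1c8a",
    "sha256": "2c5d6d9f4466c9d4551ccc7c32b7be9bcfb2c8be7ef968928069ca054c12dd16",
}

# Assumed proxy-log layout: "<client> <METHOD> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)

# Constructed log lines: two exact hits, one clean line, one host-only hit
# with a different path and mixed-case hostname.
PROXY_LOG = """\
10.0.0.5 POST http://mgimpax.com/test/test/gate.php 200
10.0.0.5 GET http://visionhvac.in/www/WnFFIpXpxzNEWFILE.jar 200
10.0.0.7 GET http://example.org/index.html 200
10.0.0.9 GET http://MGIMPAX.COM/other/path 404
"""


def ioc_hosts(urls):
    """Lower-cased hostnames of the IOC URLs (urlsplit().hostname lower-cases)."""
    return {urlsplit(u).hostname for u in urls if urlsplit(u).hostname}


def match_proxy_log(log_text, urls=C2_URLS):
    """Return (client, kind, url) for every line touching an IOC.

    kind is "exact" when the full URL matches and "host" when only the
    hostname does; a host-only hit still deserves a look because the gate
    path is operator-controlled and may change between campaigns.
    """
    exact = {u.lower() for u in urls}
    hosts = ioc_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        url = m.group("url")
        if url.lower() in exact:
            hits.append((m.group("client"), "exact", url))
        elif (urlsplit(url).hostname or "") in hosts:
            hits.append((m.group("client"), "host", url))
    return hits


def hash_matches(data, known=SAMPLE_HASHES):
    """Compare the digests of a file's bytes with the report's hashes."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg: digests[alg] == known[alg].lower() for alg in known}


if __name__ == "__main__":
    for hit in match_proxy_log(PROXY_LOG):
        print(hit)
```

Matching on hostname as well as on the exact URL is deliberate: Pony operators rotate the gate path more often than the domain, so an exact-only rule would miss a re-deployed panel on the same host.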
Targets

Target: 8996599ff87d740c55f576bafca8dd3a_JaffaCakes118 (the same file as in the General section above; hashes identical)
Signatures observed in the behavioral task:

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence, that is, a check made before the main payload runs so that the sample can bail out in certain locales.
- Drops startup file: writes a file into a startup location so that the payload runs again at the next logon (persistence).
- Accesses Microsoft Outlook accounts and Accesses Microsoft Outlook profiles: reads the registry keys under which Outlook stores profile and account settings. For a credential stealer such as Pony this is where mail-server usernames and passwords are harvested, so these two signatures together are the clearest stealer behaviour in the report.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: this API is commonly used for process hollowing (RunPE), where the unpacked payload is written into a suspended process and the main thread's entry point is redirected to it. When reviewing the full report, check the process tree for a child that is created suspended and later resumed; the in-memory image of that child, not the 980KB file on disk, is the real Pony payload.