General

Target: e48ba858a2e5920094b6620f01af204c_JaffaCakes118
Size: 148KB
Sample: 240407-kt2trahg45
MD5: e48ba858a2e5920094b6620f01af204c
SHA1: cdad3f5b64754ddd3285ec98db0de32774a26bda
SHA256: 6bd3dbc3509317aaefa25666f447fb5de2a0537243751e7476f88466b1a24f80
SHA512: d72a37a89ad48cfd97cbe320ebb9ac0db926b077bb6fab29fbd5296c652e0ef17a5af665d6854d9e9b4b30578e330fa6c0edc244969d95b558c55c164c429218
SSDEEP: 3072:FZmFz5U16ag7pIh05MN9nIxRfioqxXwFV:FZmFu163i1NAVqxXE

Static task: static1
Behavioral task: behavioral1
Sample: e48ba858a2e5920094b6620f01af204c_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config

Extracted family: pony

C2 (gate URLs the stealer posts harvested credentials to):
- http://horseoncycle.com/forum/viewtopic.php
- http://cowboyonbike.com/forum/viewtopic.php

payload_url (additional executables the sample is configured to download and run):
- http://85.214.134.155/f8ooWPHg/sS8m5AuG.exe
- http://ofismakina.com/gLPxnGJg/DmGCJ80J.exe
- http://hassanstore.altervista.org/wcFGd4cA/rnky.exe
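The extracted configuration above is the directly actionable part of the report. The script below is an added example, not part of the sandbox report: it takes the C2 and payload URLs exactly as listed and scans proxy access-log lines for them, matching on normalised host plus path and falling back to host-only matches. The log format and the log lines are constructed for the demonstration, and the rule that rates a POST to a gate URL (and a GET to a payload URL) above other requests reflects Pony's known check-in behaviour, which the report itself does not show.

```python
"""Match the Pony C2 and payload URLs from the report against proxy log lines.

Added example, not part of the sandbox report. Only the indicator URLs come
from the report; the log format and log lines are constructed.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the report's extracted Pony config.
PONY_C2_URLS = [
    "http://horseoncycle.com/forum/viewtopic.php",
    "http://cowboyonbike.com/forum/viewtopic.php",
]
PONY_PAYLOAD_URLS = [
    "http://85.214.134.155/f8ooWPHg/sS8m5AuG.exe",
    "http://ofismakina.com/gLPxnGJg/DmGCJ80J.exe",
    "http://hassanstore.altervista.org/wcFGd4cA/rnky.exe",
]

# Constructed squid-style access log: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = [
    "2024-04-07T10:41:02Z 10.0.0.15 GET http://ofismakina.com/gLPxnGJg/DmGCJ80J.exe 200",
    "2024-04-07T10:41:09Z 10.0.0.15 POST http://horseoncycle.com/forum/viewtopic.php 200",
    "2024-04-07T10:42:30Z 10.0.0.22 GET http://example.com/index.html 200",
    "2024-04-07T10:43:00Z 10.0.0.15 GET http://COWBOYONBIKE.COM/robots.txt 404",
]
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def _norm_host(host):
    """Lower-case and strip a trailing dot so 'Host.' and 'host' compare equal."""
    return host.lower().rstrip(".")


def build_iocs():
    """Return (url_iocs, host_iocs): exact (host, path) -> label and host -> label."""
    url_iocs, host_iocs = {}, {}
    for label, urls in (("pony_c2", PONY_C2_URLS), ("pony_payload", PONY_PAYLOAD_URLS)):
        for url in urls:
            parts = urlsplit(url)
            host = _norm_host(parts.hostname)
            url_iocs[(host, parts.path)] = label
            host_iocs[host] = label
    return url_iocs, host_iocs


def scan_proxy_log(lines):
    """Return (severity, client, method, url, label) for every line that hits an indicator.

    An exact URL hit is 'high' when the method matches how the URL is used
    (Pony submits stolen credentials to its gate with a POST; the payload
    URLs are fetched with a GET) and 'medium' otherwise. A request to a known
    bad host on some other path is reported as 'medium' with a '_host' label.
    """
    url_iocs, host_iocs = build_iocs()
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not in the expected format; a production parser would count these
        parts = urlsplit(m["url"])
        if not parts.hostname:
            continue
        host = _norm_host(parts.hostname)
        key = (host, parts.path)
        if key in url_iocs:
            label = url_iocs[key]
            expected_method = "POST" if label == "pony_c2" else "GET"
            severity = "high" if m["method"] == expected_method else "medium"
            hits.append((severity, m["client"], m["method"], m["url"], label))
        elif host in host_iocs:
            hits.append(("medium", m["client"], m["method"], m["url"], host_iocs[host] + "_host"))
    return hits


def clients_to_triage(lines):
    """Sorted client addresses with at least one 'high' hit: the machines to isolate first."""
    return sorted({client for sev, client, *_ in scan_proxy_log(lines) if sev == "high"})


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
    print("isolate:", clients_to_triage(SAMPLE_LOG))
```

Host-only matches are kept at medium on purpose: the gate URLs sit under a forum path on domains that may also serve legitimate content, so a different path on the same host is worth a look but is not proof of infection. The IP-based payload host (85.214.134.155) matches the same way, since `urlsplit` returns the literal address as the hostname.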
Targets

Target: e48ba858a2e5920094b6620f01af204c_JaffaCakes118
Size: 148KB
Signatures

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: rewriting a thread's context is the usual way to redirect execution in a suspended process (process hollowing or thread hijacking).
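Three of the signatures above are registry reads (location settings, installed software, Outlook profiles), and taken together rather than one at a time they describe the stealer's pattern well. The script below is an added example, not part of the report: it correlates registry-access events per process from an API trace and flags processes that read the Outlook profile store alongside at least one of the recon lookups. The trace lines are constructed, and the registry paths each behaviour keys on (Control Panel\International\Geo, ...\CurrentVersion\Uninstall, the MAPI profile stores) are assumptions about what the signatures look for, not something the report states. "Deletes itself" and the SetThreadContext use are not registry events and are not covered here.

```python
"""Correlate registry-access behaviours of the kind the sandbox signatures flag.

Added example, not part of the sandbox report. The API trace is constructed,
and the registry paths each behaviour keys on are assumptions about what the
report's signatures look for, not something the report states.
"""
import re
from collections import defaultdict

# Assumed registry locations behind three of the report's signatures.
BEHAVIOUR_PATTERNS = {
    # "Checks computer location settings": GeoID / country code of the user.
    "checks_location_settings": re.compile(
        r"\\Control Panel\\International\\Geo(\\|$)", re.IGNORECASE),
    # "Checks installed software on the system": enumerating the Uninstall key.
    "checks_installed_software": re.compile(
        r"\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE),
    # "Accesses Microsoft Outlook accounts/profiles": MAPI profile stores.
    "accesses_outlook_profiles": re.compile(
        r"\\Windows Messaging Subsystem\\Profiles\\|\\Outlook\\Profiles\\", re.IGNORECASE),
}

# Constructed trace, one "<pid>\t<api>\t<key>" line per registry call.
SAMPLE_TRACE = "\n".join([
    "2860\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo",
    "2860\tRegQueryValueExW\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
    "2860\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "2860\tRegEnumKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "2860\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion"
    "\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676",
    "1776\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1776\tRegQueryValueExW\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
])


def classify_key(key_path):
    """Return the behaviour name a registry path belongs to, or None."""
    for name, pattern in BEHAVIOUR_PATTERNS.items():
        if pattern.search(key_path):
            return name
    return None


def parse_trace(trace_text):
    """Yield (pid, api, key_path) from the tab-separated trace; malformed lines are skipped."""
    for line in trace_text.splitlines():
        fields = line.split("\t", 2)
        if len(fields) != 3 or not fields[0].isdigit():
            continue
        yield int(fields[0]), fields[1], fields[2]


def behaviours_by_pid(trace_text):
    """Map each pid to the set of behaviours its registry accesses match."""
    seen = defaultdict(set)
    for pid, _api, key_path in parse_trace(trace_text):
        name = classify_key(key_path)
        if name:
            seen[pid].add(name)
    return dict(seen)


def flag_processes(trace_text, min_behaviours=2):
    """Sorted pids that read the Outlook profile store and show at least
    min_behaviours distinct behaviours in total.

    The location check or the Uninstall enumeration on its own is common in
    benign software (installers, update agents); combined with a read of the
    Outlook profile store it is the credential-stealer pattern the report shows.
    """
    return sorted(
        pid for pid, names in behaviours_by_pid(trace_text).items()
        if "accesses_outlook_profiles" in names and len(names) >= min_behaviours
    )


if __name__ == "__main__":
    for pid, names in sorted(behaviours_by_pid(SAMPLE_TRACE).items()):
        print(pid, sorted(names))
    print("flagged:", flag_processes(SAMPLE_TRACE))
```

The patterns anchor on a backslash or end of string after the key name so that a sibling key such as `...\International\Geography` does not match; the Outlook pattern accepts both the older `Windows Messaging Subsystem\Profiles` store and the per-version `Office\<ver>\Outlook\Profiles` store.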