General
Target: e4dbf85869e7764aaf5032599c98d3c9_JaffaCakes118
Size: 1.4MB
Sample: 240407-ny1zssca9t
MD5: e4dbf85869e7764aaf5032599c98d3c9
SHA1: 1e937f87fdccbe88fad3236bca8705f4ded8c4ac
SHA256: 86a67fa63d48d6a4ffb95f26a3c0a2ffcb9819422766c94a3a3d6b45944f7c62
SHA512: 7b1a0b968b671547ef66a79c989dfd9dc5aaf7bca957c64af5e149467846ea682d83066e91e662ddec2326decab673be48810014b14647cce104ee6dbadfe2e3
SSDEEP: 24576:U9VubLNAafeunjgHujoVvRWrW+neNZeA23/wHPISs2YB2jh2Nl5Zgrqd/7KA0pG:KubvGujgHuEVvzYej0oHPM2RkNlcm57X
Static task: static1
Behavioral task: behavioral1
Sample: e4dbf85869e7764aaf5032599c98d3c9_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: e4dbf85869e7764aaf5032599c98d3c9_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: cryptbot
lyspoh51.top
morecj05.top
payload_url: http://damyeb07.top/download.php?file=lv.exe
Targets
Score: 10/10
- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.