General

Target: e528b87f984cd37424635e423adc7d7d_JaffaCakes118
Size: 147KB
Sample: 240407-rynagsfa54
MD5: e528b87f984cd37424635e423adc7d7d
SHA1: f101e7c3a04b431763f9805fb68130af34f86159
SHA256: 6b3542d7193f4b59351c711091cf0866dd442cb76ec2a181cf543942d340d692
SHA512: a225be50e98b3963059f9078de349859a1b553dde9c176c62863a3f15470f75d476747646a59d98903564c1e8c5fb991e916d880c7aa756702990a0d674eb5cc
SSDEEP: 3072:z5Rfr1ZZpFhVpnlw1GBcMc0ToVA+6moAiKkj2Xa7UoDl:z5tr5BVFlwcjc00B4yCD

Static task: static1
Behavioral task: behavioral1
Sample: e528b87f984cd37424635e423adc7d7d_JaffaCakes118.exe
Resource: win7-20240215-en

Malware Config

Extracted family: pony
C2 (gate):
- http://sam-latrilogie.com:8080/pony/gate.php
- http://loceanic.fr:8080/pony/gate.php
payload_url:
- http://www.uniaotec.com.br/0Yoo6.exe
- http://216.119.80.138/KY5.exe
- http://ftp.videoheretic.com/vFs6cZZ.exe
Targets

Target: e528b87f984cd37424635e423adc7d7d_JaffaCakes118
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext