General
Target: f23000a51a7ac80b39bab71e83c3983a_JaffaCakes118
Size: 1.5MB
Sample: 240415-3n9arabd98
MD5: f23000a51a7ac80b39bab71e83c3983a
SHA1: 647a3ce6cfc9e4a4f5c952678d8c7bda038a14f5
SHA256: bd7020c913d0170d15354c8e693a4b2469d2332768ef477c702bd1c51e41887c
SHA512: e7193498cea1d3a56a4a207c3f94aff45b591d4dc95b2ba67830a1252dd79560b63c8abdb36216f90e74fae22123c38f82b606953551ca54f1b015ca987ee7f3
SSDEEP: 24576:VyEptD7sRjWDFtr9xE8OoNTtfvJeqkIftCstIt2J5CNmfh8+IED471iuejTya:jZARsFtrTRbdtw4tC0LkyqED4xiuej
Static task
static1
Behavioral tasks
behavioral1: f23000a51a7ac80b39bab71e83c3983a_JaffaCakes118.exe on win10v2004-20240412-en
behavioral2: Aggiogati.pptx on win7-20240221-en
behavioral3: Aggiogati.pptx on win10v2004-20240412-en
behavioral4: Fresco.pptx on win7-20231129-en
behavioral5: Fresco.pptx on win10v2004-20240226-en
behavioral6: Pel.pptx on win7-20240221-en
behavioral7: Pel.pptx on win10v2004-20240412-en
behavioral8: Seduce.pptx on win7-20240221-en
behavioral9: Seduce.pptx on win10v2004-20240412-en
Malware Config
Extracted
Family: cryptbot
C2 domains: ewaqfe45.top, morjau04.top
payload_url: http://winhaf05.top/download.php?file=lv.exe
Targets

Target: f23000a51a7ac80b39bab71e83c3983a_JaffaCakes118
Size: 1.5MB
MD5: f23000a51a7ac80b39bab71e83c3983a
SHA1: 647a3ce6cfc9e4a4f5c952678d8c7bda038a14f5
SHA256: bd7020c913d0170d15354c8e693a4b2469d2332768ef477c702bd1c51e41887c
SHA512: e7193498cea1d3a56a4a207c3f94aff45b591d4dc95b2ba67830a1252dd79560b63c8abdb36216f90e74fae22123c38f82b606953551ca54f1b015ca987ee7f3
SSDEEP: 24576:VyEptD7sRjWDFtr9xE8OoNTtfvJeqkIftCstIt2J5CNmfh8+IED471iuejTya:jZARsFtrTRbdtw4tC0LkyqED4xiuej
Score: 10/10
Signatures:
- CryptBot payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
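The extracted config (the two C2 domains and the payload URL) together with the "Adds Run key" signature are the indicators a responder actually works from. The script below is an added example, not part of the sandbox report and not CryptBot tooling: it loads the report's IOCs, matches them against DNS and proxy log lines, checks a Sysmon-style registry event for a write under a Run/RunOnce key, and looks a SHA256 up against the report's hash. The log line shapes, the Sysmon text rendering and the log contents are constructed for the demonstration and are not from the report.

```python
"""IOC triage helper for the CryptBot report above (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# IOCs copied from the report's Malware Config and Targets sections.
C2_DOMAINS = {"ewaqfe45.top", "morjau04.top"}
PAYLOAD_URL = "http://winhaf05.top/download.php?file=lv.exe"
KNOWN_SHA256 = {
    "bd7020c913d0170d15354c8e693a4b2469d2332768ef477c702bd1c51e41887c":
        "f23000a51a7ac80b39bab71e83c3983a_JaffaCakes118 (CryptBot payload)",
}


def ioc_domains():
    """Domains worth blocking: the C2 hosts plus the payload host from payload_url."""
    return C2_DOMAINS | {urlparse(PAYLOAD_URL).hostname}


def domain_matches(name, iocs):
    """True when `name` equals an IOC domain or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in iocs)


# Constructed log lines (assumed shapes): DNS "ts src query name type" and
# proxy "ts src METHOD url status".
DNS_LOG = [
    "2024-04-15T10:01:02Z 10.0.0.12 query ewaqfe45.top A",
    "2024-04-15T10:01:05Z 10.0.0.12 query www.example.com A",
    "2024-04-15T10:02:11Z 10.0.0.31 query cdn.morjau04.top A",
]
PROXY_LOG = [
    "2024-04-15T10:01:07Z 10.0.0.12 GET http://winhaf05.top/download.php?file=lv.exe 200",
    "2024-04-15T10:01:09Z 10.0.0.12 GET https://www.example.com/ 200",
]


def scan_dns(lines, iocs=None):
    """Return (timestamp, client, queried_name) for queries that hit an IOC domain."""
    iocs = iocs or ioc_domains()
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) >= 4 and parts[2] == "query" and domain_matches(parts[3], iocs):
            hits.append((parts[0], parts[1], parts[3]))
    return hits


def scan_proxy(lines, iocs=None):
    """Return (timestamp, client, url) for requests whose host is an IOC domain."""
    iocs = iocs or ioc_domains()
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        host = urlparse(parts[3]).hostname
        if host and domain_matches(host, iocs):
            hits.append((parts[0], parts[1], parts[3]))
    return hits


# Persistence check for the "Adds Run key" signature. Assumed rendering of a
# Sysmon Event ID 13 (registry value set) as "TargetObject=... Details=..." text.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
SYSMON_EVENTS = [  # constructed sample events
    "EventID=13 TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater Details=C:\\Users\\u\\AppData\\Local\\Temp\\lv.exe",
    "EventID=13 TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Foo\\DisplayName Details=Foo 1.0",
]


def run_key_writes(events):
    """Return (key, value) for registry writes under a Run or RunOnce key."""
    out = []
    for ev in events:
        m = re.search(r"TargetObject=(?P<k>\S+).*?Details=(?P<v>.+)$", ev)
        if m and RUN_KEY_RE.search(m.group("k")):
            out.append((m.group("k"), m.group("v").strip()))
    return out


def sha256_lookup(data, known=KNOWN_SHA256):
    """Return the label for `data` if its SHA256 is in the known set, else None."""
    return known.get(hashlib.sha256(data).hexdigest())


def triage():
    return {
        "dns": scan_dns(DNS_LOG),
        "proxy": scan_proxy(PROXY_LOG),
        "run_keys": run_key_writes(SYSMON_EVENTS),
    }


if __name__ == "__main__":
    for k, v in triage().items():
        print(k, v)
```

Two caveats when using this. The payload host (winhaf05.top) comes from a single download URL and operators rotate such domains quickly, so treat the domain list as a snapshot rather than a durable blocklist. The Uninstall-key enumeration in the last signature is also performed by plenty of legitimate installers and inventory agents, which is why the example keys on the Run-key write and not on Uninstall reads.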
Target: Aggiogati.pptx
Size: 872KB
MD5: f435197ac66954c9aaa768c402bb2f6e
SHA1: 81cb16becf08ab1cb2d88c1a0d51872aac7af78f
SHA256: 682c0c70fdc6522a9ee445de9439348405b945ef9707b983ddf3e88c869ea576
SHA512: ca39a95f003340290b4ae5037313432061c1213f976253bbda8b5149f0f1e295cacbc43dbe63fa1cc54e5336a3161eac7962f73afad775a4122ad23f0330117b
SSDEEP: 12288:CpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:CT3E53Myyzl0hMf1tr7Caw8M01
Score: 1/10

Target: Fresco.pptx
Size: 733KB
MD5: 6ef148867d1e6e66271e86d6bfab3869
SHA1: 589cfd4129777c088f4b53f5dc723ada5f51b302
SHA256: 0768633b95a60df47da99c4f6c92cb703c61e547652e6831ff918a9c48ae7720
SHA512: 8ba444184340843551dbe1dbec38f15a8a30aa3e97811e300b4fcae2c791254c84576d3b8d7299cca48ae0a3a8e443bbc71d0325283df7a46773747ef72b41e3
SSDEEP: 12288:FFoEOMuKv6UbT/Me7QIKclK/MnItmmsrvU1lUwCT27BQmN6oTwdBMf1Aq42Z2Ckk:PoEu46UbAe7ZlGEcc6vZIA/mWt3VmDW
Score: 1/10

Target: Pel.pptx
Size: 487B
MD5: b508376c348b13291d124eab9cce3534
SHA1: 26e23e157da1b214a98d84c581c103a97d2f4121
SHA256: a0a6240b767c17f2bbe16985044599f369fdee62ee626a4326e975edbb01a9b4
SHA512: 018c7dcf04180da81065647d957e4d08e40ee7e6ca93fe70ab6bfa49ab8532fcd40fe9add8ddc09816e343f04174b1d3e3dc16ba4cd7c93545814fc1992256b8
SSDEEP: (not listed)
Score: 1/10
Note: at 487 bytes this file is far smaller than any valid OOXML (zip-based) package, so despite the .pptx extension it is unlikely to be a real presentation.

Target: Seduce.pptx
Size: 634KB
MD5: c5a42d35b245941d0acde1ecc0858cd2
SHA1: d34859da52fe96c5ea0b580d24dd05404af91a89
SHA256: 0f7917bc1c77ced2004a06f52195e492fcbc4a1bee59f345dd8210df14e12e4c
SHA512: a6d283988467152fe85fa9bac1f6dbd7fa88631af90198d10b912b5589186b1a8920ec3f8a6fee5ce3c58c415c860ab429b10c1d1c77de2a3f4c91843ee63564
SSDEEP: 12288:apP74pS2FftpNhsbIvSwPW99EJlCI4pNBZo63Q6EG3hk1V0f71CWobeFXbN+D:8ktfttsbIM2JlCIqfhgc3sV471RseFJk
Score: 1/10