General
Target: f295b6024d248163f14b87bc6aed9db5_JaffaCakes118
Size: 675KB
Sample: 240416-d2cq9sab8v
MD5: f295b6024d248163f14b87bc6aed9db5
SHA1: b16d00942ca755d99f061ec63411c5cdd521f64c
SHA256: 03f1f8cb65e89c21c87f0e04c65dace4d48c708dd175056e581516bd94c50bfa
SHA512: c52252e801997ae01487cb57e3eec2b2b92303a49fceba676fd746c5c2e6d8c6fc8d60c25f7de07794893c0d43ebcc6b786eea68188df222e980df8542a49063
SSDEEP: 12288:JmfR9Cu6Hml1T4pOJK6DzMJKtB61OPu7faLc5kSEkwVgyo22tDtuejoWXNj0p6Pj:YCu6Hmz456fMJI8O4hY+yoltDwetKp6
Static task: static1
Behavioral task: behavioral1
Sample: f295b6024d248163f14b87bc6aed9db5_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
cryptbot
ewaqly46.top
morjau04.top
-
payload_url
http://winhaf05.top/download.php?file=lv.exe
Targets
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-