General
Target: f67a3537d3cee1638d98e0d0478fd8e4_JaffaCakes118
Size: 130KB
Sample: 240417-xwxc9sbc86
MD5: f67a3537d3cee1638d98e0d0478fd8e4
SHA1: b662b3f624a1243bf5ce1bbe4900eaabe3e16bab
SHA256: 0d065727b9501c10cab71fb58c04cfa7b3c03c25000768bda274a7d6418f3735
SHA512: 6b602373d519d6e0b4b01f2614bbfdf341fa27e7994ce3d6c77730b0720fe50af9e83a279f85d79bc966b947ccd974fa1024604b68843a87f2a57bbc34c92419
SSDEEP: 1536:u+UL5/7vrMGlxjPYCxZeFu3JDKgiOG3QeuXnSIpAlysxPg2KdaX3HyOl0DKm9eZK:4vrT9BxZQu3XG3aXNpUWCyOl0DKseZK
Static task: static1
Behavioral task: behavioral1
Sample: f67a3537d3cee1638d98e0d0478fd8e4_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: f67a3537d3cee1638d98e0d0478fd8e4_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
pony
http://108.166.65.182:8080/pony/gate.php
http://aloucakbileti.com:8080/pony/gate.php
payload_url:
http://seo.co.it/Mxp7.exe
http://www.fiskus.com.br/t9B.exe
Targets
Target: f67a3537d3cee1638d98e0d0478fd8e4_JaffaCakes118
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.