General
Target: f9ae968b4b5bfc5e5aaa0916f896d75e_JaffaCakes118
Size: 145KB
Sample: 240419-g2vhvsag47
MD5: f9ae968b4b5bfc5e5aaa0916f896d75e
SHA1: e81e1fe1abd00bdfc4e4bb96946c75a284515655
SHA256: 8dfc7d14392ff75da93eea203cb605332e0a2c3d6847bc72d013a9b450783382
SHA512: a3f1b1f6d02ab49bc1d88b57332f2b126d11a644a3f5007f7c584a4fc01dcbab63d3da0c60db898b7dba279182a0fda8715e50d6da89bc5b809f366f834dc3f5
SSDEEP: 3072:zEre7htdArqaBXO5Gq8fogP1a/WEl3y42N6sXR9gQ9y:9hezBXO5aoCElC4YLfNy
Static task: static1
Behavioral task: behavioral1
Sample: f9ae968b4b5bfc5e5aaa0916f896d75e_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
pony
http://91.121.93.178:8080/pony/gate.php
http://aurianedamez.fr:8080/pony/gate.php
payload_url
http://tradeshowshops.com/eAAht3sE.exe
http://www.diamondtrust.com/5w2kqp.exe
http://cpsmortgages.com/6t27yZy.exe
Targets
Target: f9ae968b4b5bfc5e5aaa0916f896d75e_JaffaCakes118
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.