General
Target: fd7261103d9ba89b2bce2e83816d97c4_JaffaCakes118
Size: 134KB
Sample: 240420-xxpptaff84
MD5: fd7261103d9ba89b2bce2e83816d97c4
SHA1: 1aeea24397209016591c4fa2283ab9ad6c12f19b
SHA256: bb0505c6ccb48b6a379860eb2b89a78145302e980a24a75081de4c10deefa6cf
SHA512: e493290cfc22c2dcbbd5c826a6c6bffc3bf3ecafd4c8c34cbbab51022b8a9e695094aca0f682eece94afd20117fde9eab1dd1a327887b3599b9c472afd023a18
SSDEEP: 3072:JAtE+SGiXIadjlwLkf6gHd6mowKsrCLeXUqQ:utBQnd5wY1d1GaRQ
Static task: static1
Behavioral task: behavioral1
Sample: fd7261103d9ba89b2bce2e83816d97c4_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted: pony
http://momus.com.tw:8080/pony/gate.php
http://174.140.171.19/pony/gate.php
payload_url:
http://alcaponecigarillos.com/RdKtpaU.exe
http://freegermanpornsex.com/YiHVUjb.exe
http://www.cuboderoda.com.br/vPhQ.exe
Targets
Target: fd7261103d9ba89b2bce2e83816d97c4_JaffaCakes118
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext