General
Target: fe905ed17bcf3e53a9a38f0ace182e96_JaffaCakes118
Size: 1.5MB
Sample: 240421-gcqtdacg8y
MD5: fe905ed17bcf3e53a9a38f0ace182e96
SHA1: ff1cefd1d5310c2d1aee48f770753bd7cd64e669
SHA256: 2027a3fc488a5ecfa69e9a9057c8975e2d28cd6c937197ec69fc896c971285c3
SHA512: 4c09285f0629ead58770238b2637abd561ec39748336526903fa943cc3a11cf51c1d5c38d5d145b8d857cfa3f3fc12a85d288797c398c284de817f51ccf087c7
SSDEEP: 24576:fFb534xD3XpyiIkLlHpEZDsKdW4RvYijfWHaAZ0iWc7MupkAy/jLAT5FrFlPMtcm:Jh4ZdZpyDsKdWbijoT5fMupfILWlBpMt
Static task: static1
Behavioral task: behavioral1
Sample: fe905ed17bcf3e53a9a38f0ace182e96_JaffaCakes118.exe
Resource: win10v2004-20240412-en

Malware Config
Extracted
cryptbot
- ewaqfe45.top
- morjau04.top
- payload_url: http://winhaf05.top/download.php?file=lv.exe
Targets
Target: fe905ed17bcf3e53a9a38f0ace182e96_JaffaCakes118
Size: 1.5MB
Score: 10/10
- CryptBot payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.