General
-
Target
ff276c24e34a8760f6f3c9da8e8021ad_JaffaCakes118
-
Size
149KB
-
Sample
240421-ncakqaaa2y
-
MD5
ff276c24e34a8760f6f3c9da8e8021ad
-
SHA1
1ed65bb550f563370a2124d4d67e0ada8c3ad3db
-
SHA256
45e74c9002b8efbe582a46e0f6584ee503516cfb1322f1b2c1198c30d8042635
-
SHA512
6fd7f7ba082af3e3a9d78e868d904b7e633a0938c987f5ea7a1573dbc5f7fcdfc5329dca0eec7c9638e01a5dc628c57ec35977b2d6af4ecc1b948149d6a6c592
-
SSDEEP
3072:nuaYhZgLRxkstm6fE1TuU8A5Y3lO0GRKC6:ndYwR2stF8SUY3lrC6
Static task
static1
Behavioral task
behavioral1
Sample
ff276c24e34a8760f6f3c9da8e8021ad_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
pony
http://panthers-frohnleiten.at:8080/pony/gate.php
http://ks384721.kimsufi.com:81/pony/gate.php
-
payload_url
http://ftp.irpiniaoggi.it/iztD.exe
http://www.w3haus.com.br/28wio.exe
Targets
-
Target
ff276c24e34a8760f6f3c9da8e8021ad_JaffaCakes118
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-