General
- Target: 013f51adbdfc57805523576f0864be2d_JaffaCakes118
- Size: 386KB
- Sample: 240426-vm7rjagb92
- MD5: 013f51adbdfc57805523576f0864be2d
- SHA1: 2b1a2b04e027c5b238fe8aef247da0873ea7cc3e
- SHA256: e57c9320ec6ae7d2fcb1bdc7d59033411b50fc5d4d28c88137d19fc1edaa279b
- SHA512: 579970a03258981a9ae879cd351ed8db06d4469dc726a82216886eb883087f7293afbeb2e54d3b2d7e185420517f55fd48740098a8e38291a6adc1f38cd1cbd0
- SSDEEP: 6144:TjbeifBxa5tFRRpYUcds1xuLhcmhqFecw51q99swY1JGfYIcg/9QmKX7:TuEAPFxZce1xuccq9w51q/sB1JfloOzr
Static task: static1
Behavioral task: behavioral1
- Sample: 013f51adbdfc57805523576f0864be2d_JaffaCakes118.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 013f51adbdfc57805523576f0864be2d_JaffaCakes118.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted
- pony
  http://gregorian.club/ifamandiebyaccident/gate.php
- payload_url: http://myp0nysite.ru/shit.exe
Targets
- Target: 013f51adbdfc57805523576f0864be2d_JaffaCakes118
- Size: 386KB
- MD5: 013f51adbdfc57805523576f0864be2d
- SHA1: 2b1a2b04e027c5b238fe8aef247da0873ea7cc3e
- SHA256: e57c9320ec6ae7d2fcb1bdc7d59033411b50fc5d4d28c88137d19fc1edaa279b
- SHA512: 579970a03258981a9ae879cd351ed8db06d4469dc726a82216886eb883087f7293afbeb2e54d3b2d7e185420517f55fd48740098a8e38291a6adc1f38cd1cbd0
- SSDEEP: 6144:TjbeifBxa5tFRRpYUcds1xuLhcmhqFecw51q99swY1JGfYIcg/9QmKX7:TuEAPFxZce1xuccq9w51q/sB1JfloOzr

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext