General

Target: 670fd632dc48d7699db272c27daa82f4_JaffaCakes118
Size: 108KB
Sample: 240522-na349acg2z
MD5: 670fd632dc48d7699db272c27daa82f4
SHA1: 3369e9e950b11a7013a5b05e680448b64117d137
SHA256: 2d8c515ee7e34f0919e05a8b0a7e4ab7fc73370d2a602e613e0e734b78313cbf
SHA512: 0c46df3f716470ff6f541da0c0d58b4775f3b95912a7a319c31e2fbfeb38d08f02bf538fa06da9e7e741ffdf7d11874fcf8ff0594a2be68701724d9e239c1122
SSDEEP: 1536:LIZW7B03onqT3posPJleG9mqUluvTeUr7muwXmybOVlwFTvzkzk7wqeNvu:MU7a4VsRSnCH72OVmdUqeg

Behavioral task: behavioral1
Sample: 670fd632dc48d7699db272c27daa82f4_JaffaCakes118.exe
Resource: win7-20240221-en

Malware Config

Extracted
Family: pony
C2: http://octpendant.org.in/smooth12oc-12nov/gate.php

Targets

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.