General
Target: 6aeac683ba0acc4b1eb841d3f5b8267f_JaffaCakes118
Size: 161KB
Sample: 240523-pgvbcshb23
MD5: 6aeac683ba0acc4b1eb841d3f5b8267f
SHA1: 2ba316590f6ee14532243045c82bdaf37b9044a6
SHA256: 51a8db2160d4b598dcad47c7861b2ecccafbd5b0d70e29f5db896bf6fd31beba
SHA512: f1eb65b49d2e9b3da996ceeefe304cdbed308ff180824dbd2ca863f791a89ff31bd3e53a15e7466faf8c2f2a176bec2778507e83e0eeffd182fc3c762583a3ae
SSDEEP: 3072:siTLZhs0uDI0rAfOXl+y+uql/GOtsrVrqhTqndtndhndKndo:HTLFuD6fOXlql/GLJrqqndtndhndKndo
Behavioral task: behavioral1
Sample: 6aeac683ba0acc4b1eb841d3f5b8267f_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Extracted
pony
http://butterchoco.net/admin/bull/gate.php
Targets
Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.