General
-
Target
6e75b846207c166f882226e6ffb7c000_JaffaCakes118
-
Size
1.1MB
-
Sample
240524-n9s4bshg97
-
MD5
6e75b846207c166f882226e6ffb7c000
-
SHA1
94ca9238a4888754df1f7e0cef0d4cab6f1eef24
-
SHA256
3b5402a65f8301b97bfc1dc276b97f695ec7cb44efc1e941ed0f4778eda26fa6
-
SHA512
166321f32b0196bc5577f13e72e3b4d4db6c5fcd95423b639711c18e4d7bb767f6e98fa905aa1cc8195e262c56bce3ac46e9e80b569ea076a29973f20aec9bbe
-
SSDEEP
24576:kO0N1KqkD77mkJxTjloSVpXcgs4hI/twQ/:5YE1T+ONWD
Static task
static1
Behavioral task
behavioral1
Sample
6e75b846207c166f882226e6ffb7c000_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
pony
http://199.192.25.237/~catchusnot/panel/gate.php
Targets
-
-
Target
6e75b846207c166f882226e6ffb7c000_JaffaCakes118
-
Size
1.1MB
-
MD5
6e75b846207c166f882226e6ffb7c000
-
SHA1
94ca9238a4888754df1f7e0cef0d4cab6f1eef24
-
SHA256
3b5402a65f8301b97bfc1dc276b97f695ec7cb44efc1e941ed0f4778eda26fa6
-
SHA512
166321f32b0196bc5577f13e72e3b4d4db6c5fcd95423b639711c18e4d7bb767f6e98fa905aa1cc8195e262c56bce3ac46e9e80b569ea076a29973f20aec9bbe
-
SSDEEP
24576:kO0N1KqkD77mkJxTjloSVpXcgs4hI/twQ/:5YE1T+ONWD
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-