General
Target: 772b9683d082c5aed65aa688142c3baf_JaffaCakes118
Size: 161KB
Sample: 240526-3hbsasga7w
MD5: 772b9683d082c5aed65aa688142c3baf
SHA1: d9c8ecf1534d53bb3734c8e07f405a718e03fb83
SHA256: 410876d59ba0aed1a7d310c5a044c9f6ef01cc4b07284326e5de6a065215a6d9
SHA512: 5c256662182480e1822c9ec908999e701e096e88b65bdb88392e7ce836afd39b3fda5b019c1bd66c743889f4efb98791eacd46b16e8a64389cffaf084613f8b4
SSDEEP: 3072:/LOTLZhs0uDI0rAfOXl+y+uql/GOtsrVrqhTqndtndhndKndI:KTLFuD6fOXlql/GLJrqqndtndhndKndI
Behavioral task: behavioral1
Sample: 772b9683d082c5aed65aa688142c3baf_JaffaCakes118.exe
Resource: win7-20231129-en
Malware Config
Extracted family: pony
Extracted URL: http://butterchoco.net/admin/bull/gate.php
Targets
Target: 772b9683d082c5aed65aa688142c3baf_JaffaCakes118
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Deletes itself
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.