General
-
Target
7f3913a16346193d50485061ea79b1e0_JaffaCakes118
-
Size
1.0MB
-
Sample
240529-c1bxxafh73
-
MD5
7f3913a16346193d50485061ea79b1e0
-
SHA1
ae9051ed40935240900d392b82978cdfae28c280
-
SHA256
62869dd10e3025be8ee4ad498214336ab2e68a2c37f7cbf3c340f2fa6854bb52
-
SHA512
0fec24b743478e09d9c784dfd24840af7fc92b24aa29367685de6115a73c2867f3609ea252e7358dfe3a2fc94551678129fcc9bf30d2f39e23180238c38d5cf2
-
SSDEEP
24576:U0ycEf/gsWZi6CVeHysNl0jnvH9KDCfbXEmSR8uDIRI2:Y
Static task
static1
Behavioral task
behavioral1
Sample
7f3913a16346193d50485061ea79b1e0_JaffaCakes118.rtf
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7f3913a16346193d50485061ea79b1e0_JaffaCakes118.rtf
Resource
win10v2004-20240508-en
Malware Config
Extracted
pony
http://www.janabaalicheck.com/web-content/log/log/file/gate.php
-
payload_url
http://www.janabaalicheck.com/web-content/log/log/file/shit.exe
Targets
-
-
Target
7f3913a16346193d50485061ea79b1e0_JaffaCakes118
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-