General

Target: 16b61170623f07f2920f2d9ce4980980_JaffaCakes118
Size: 128KB
Sample: 240627-t3tzyascqq
MD5: 16b61170623f07f2920f2d9ce4980980
SHA1: 168527f59f6ac6d0e0da75aaae18eab260c337ea
SHA256: 8ae804090260573207bea218713786854e27858d7a694c594b859f652f120302
SHA512: 7e645dde4a72d8ceff69cf32af183ac226fa097066e52ce44b872c0dd4c932828b907f51f561ac3bf8719f3db2d810587ad9a76ef9a072aeaf361b9fa703d28a
SSDEEP: 3072:uGHi6mwJfjNHsXJNYxHWPKBV4ENNoDjrqVDAEmJI:+OfjOXJSxH54ENijrODAE
Static task: static1
Behavioral task: behavioral1
Sample: 16b61170623f07f2920f2d9ce4980980_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config

Extracted family: pony

C2 (gate URLs the stealer reports to):
http://67.215.225.205:8080/ponys/gate.php
http://216.231.139.111/ponys/gate.php

payload_url (second-stage executables the sample is configured to fetch and run; these hostnames look like compromised legitimate sites, so block the full URLs rather than the domains):
http://build-in.cz/CBopQ0TA/YD94an.exe
http://heincountry.com/Lx38YeDG/PZ2AC.exe
http://waxsurfers.com/KrYtpYBC/a0Y.exe
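As an added example (not part of this sandbox report), the following Python turns the extracted config into network indicators and runs them over proxy log lines. The C2 gate and payload URLs are the ones listed above; the log lines and their column layout are constructed for illustration, and the generic "POST to a gate.php path" rule is an assumption drawn from the /ponys/gate.php paths, not a signature from the report.

```python
"""Match the Pony C2 and payload URLs from the extracted config against
proxy log lines.  Added example; the log lines are constructed, not
captured from the analysed sample."""
import re
from urllib.parse import urlsplit

# C2 gate URLs and payload URLs copied from the report's Malware Config.
PONY_C2 = [
    "http://67.215.225.205:8080/ponys/gate.php",
    "http://216.231.139.111/ponys/gate.php",
]
PONY_PAYLOAD_URLS = [
    "http://build-in.cz/CBopQ0TA/YD94an.exe",
    "http://heincountry.com/Lx38YeDG/PZ2AC.exe",
    "http://waxsurfers.com/KrYtpYBC/a0Y.exe",
]


def _key(url):
    """Normalise a URL to (host, port, path) so that host case, an explicit
    default port or a missing scheme does not cause a miss."""
    p = urlsplit(url.strip())
    host = (p.hostname or "").lower()
    port = p.port or (443 if p.scheme == "https" else 80)
    return host, port, p.path or "/"


C2_KEYS = {_key(u) for u in PONY_C2}
# Payload hosts are matched on the full URL only: they look like compromised
# legitimate sites, so a host-level match would flag benign traffic.
PAYLOAD_KEYS = {_key(u) for u in PONY_PAYLOAD_URLS}
# The gate hosts are attacker infrastructure, so any contact is interesting.
C2_HOSTS = {k[0] for k in C2_KEYS}

# Constructed log lines (assumed layout: timestamp, client, method, url, status).
SAMPLE_LOG = """\
1719510000.123 10.0.0.15 GET http://www.example.com/ 200
1719510001.456 10.0.0.15 POST http://67.215.225.205:8080/ponys/gate.php 200
1719510002.789 10.0.0.22 GET http://build-in.cz/CBopQ0TA/YD94an.exe 200
1719510003.001 10.0.0.15 POST http://216.231.139.111/ponys/other.php 404
1719510004.002 10.0.0.30 GET http://heincountry.com/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def classify(method, url):
    """Return a verdict for one request, or None when nothing matches."""
    host, port, path = _key(url)
    if (host, port, path) in C2_KEYS:
        return "pony_c2_checkin"            # exact gate URL from the config
    if (host, port, path) in PAYLOAD_KEYS:
        return "pony_payload_download"      # exact payload URL from the config
    if host in C2_HOSTS:
        return "pony_c2_host_contact"       # other traffic to a gate host
    # Assumed generic rule: Pony posts stolen credentials to a gate.php path.
    if method == "POST" and path.lower().endswith("/gate.php"):
        return "pony_gate_pattern"
    return None


def scan_log(text):
    """Parse log lines and return (client, verdict, url) for every hit."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                        # skip lines in another layout
        verdict = classify(m["method"], m["url"])
        if verdict:
            hits.append((m["client"], verdict, m["url"]))
    return hits


if __name__ == "__main__":
    for client, verdict, url in scan_log(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{url}")
```

Run against the constructed log, the exact C2 check-in, the exact payload download and the off-path request to a gate host are flagged, while the plain GET to the payload host's front page is not, which is the intended trade-off for hosts that are probably compromised rather than attacker-owned.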
Targets

Target: 16b61170623f07f2920f2d9ce4980980_JaffaCakes118 (128KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
Stored mail-client credentials are a standard target of the Pony (Fareit) stealer, which is consistent with the extracted config above.
- Checks installed software on the system
Looks up Uninstall key entries in the registry (the Uninstall subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion, which Add/Remove Programs also reads) to enumerate software on the system.
- Suspicious use of SetThreadContext
Rewriting another thread's context is the usual final step of process-hollowing style injection into a suspended process; when triaging, look for the CreateProcess with CREATE_SUSPENDED and the WriteProcessMemory calls that normally precede it.