General
-
Target
18e7ad6a3d554c9a28c5823abf9a5454_JaffaCakes118
-
Size
170KB
-
Sample
240628-fw9j6ashkg
-
MD5
18e7ad6a3d554c9a28c5823abf9a5454
-
SHA1
b8de28ef1f48cbb5af4ef1c4d0f0c36d65eacfb7
-
SHA256
9df80f3ad941a74b6f524cc7f39b515cb4a528c39d03a8e15626e9019fb6f3e6
-
SHA512
92c1e8b472ea8a1a0645bf77962901ea2a7f19be7933ef101e8ef5492a829fdd51e19563c128d1d6a58c92119bdb4ef3e61e44422bfef413f026ebfc54bebc83
-
SSDEEP
3072:tuU82zW7pqge2T4NskpYmWJ30Psk559oKHYed:oaC1qR2TyLfskPsucKX
Static task
static1
Behavioral task
behavioral1
Sample
18e7ad6a3d554c9a28c5823abf9a5454_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
18e7ad6a3d554c9a28c5823abf9a5454_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
pony
http://178.77.99.145:8080/pony/gate.php
http://49.156.20.209:8080/pony/gate.php
-
payload_url
http://borbo.net/YBbsQ5wB.exe
http://misterm.at/Cttr.exe
Targets
-
Target
18e7ad6a3d554c9a28c5823abf9a5454_JaffaCakes118
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.