General
- Target: 6eb7f3284274535f8c7e53c577a7a27f_JaffaCakes118
- Size: 108KB
- Sample: 240725-jqnbhswhnn
- MD5: 6eb7f3284274535f8c7e53c577a7a27f
- SHA1: 943a44dbd4f7ed1919329b6c2c724ad3fa320b9f
- SHA256: 5f9b823eaaab429597b1c90fe1e269536c650ff327060af803da74003051f5b4
- SHA512: 70d199d3bcbaa9a0773b9b6c0758fc2517a57c14f4278bc73f6bd4f9cf8fd97897293888b354e969af1d55acfac90fc888056784d42dec315d8a1c246d6645f4
- SSDEEP: 3072:tUz7yfo7x09S5w6zbc9DDeMUcNFWCL9oRz:tg7EIw19JgR
Static task: static1
Behavioral task: behavioral1
- Sample: 6eb7f3284274535f8c7e53c577a7a27f_JaffaCakes118.exe
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 6eb7f3284274535f8c7e53c577a7a27f_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- pony
  http://187.9.27.164:8080/forum/viewtopic.php
  http://74.91.121.211/forum/viewtopic.php
- payload_url
  http://allsights.com/bmvnV5HK.exe
  http://www.erdemsifa.com/kT8C.exe
  http://joia.be/3Zsk5.exe
Targets
- Target: 6eb7f3284274535f8c7e53c577a7a27f_JaffaCakes118
- Size: 108KB
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of the web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext