General
-
Target
73d1b19bb2bdcba4aa6cb1660a76acf7_JaffaCakes118
-
Size
132KB
-
Sample
240726-nc5qvsyanh
-
MD5
73d1b19bb2bdcba4aa6cb1660a76acf7
-
SHA1
9a3f411a788023f0e09032ce8b480887d8048ca2
-
SHA256
a6164cb06e6838378e0c095dc08b3483afd2f5b9485122d873f0c62d57eea56b
-
SHA512
f06855f0a7fda17d08fd9ac19c2fbb542e5562d2477cdc8400d1354ef4faa56ae733b828c3393d085ea35622cd1a3b0a5f60ce1823f8b42ee112635765d4b88f
-
SSDEEP
3072:1evHyJ4S1bAt2YoxspMQUDuaIS+icqyzrPWkK:1DJ1bFfsMn+pzr+N
Static task
static1
Behavioral task
behavioral1
Sample
73d1b19bb2bdcba4aa6cb1660a76acf7_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
pony
http://dare2dreamz.com:8080/pony/gate.php
http://cityweddingguide.com:8080/pony/gate.php
-
payload_url
http://expresszmedia.hu/0evunCU7/RUAFT1J.exe
http://www.teronhieronta.net/f4TQk601/pHhR.exe
http://lozenitzawineanddine.net/MmWXchKV/yeTHapJ.exe
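The gate and payload URLs in the extracted Pony config are the indicators a responder would sweep web-proxy logs for. The Python below is an added example, not part of the sandbox report: it matches those URLs against constructed proxy log lines (the log format of timestamp, client IP, method, URL, status and the client addresses are assumptions). Exact URL hits are tagged as a C2 gate contact or a payload download, and a request to one of the listed hosts with a different path is flagged as a lower-confidence infrastructure hit; a gate contact is what marks a client as having actually run the stealer.

```python
"""IOC sweep for the Pony configuration extracted above.

Added example, not part of the sandbox report. The proxy log format
(timestamp, client IP, method, URL, status) and the client addresses
are assumptions; the log lines below are constructed, not captured.
"""
from urllib.parse import urlsplit

# Indicators taken from the extracted Pony config on this page.
GATE_URLS = [
    "http://dare2dreamz.com:8080/pony/gate.php",
    "http://cityweddingguide.com:8080/pony/gate.php",
]
PAYLOAD_URLS = [
    "http://expresszmedia.hu/0evunCU7/RUAFT1J.exe",
    "http://www.teronhieronta.net/f4TQk601/pHhR.exe",
    "http://lozenitzawineanddine.net/MmWXchKV/yeTHapJ.exe",
]


def normalize(url):
    """Reduce a URL to (host, port, path) so that host case and an explicit
    default port do not defeat the comparison. Returns None if unparsable."""
    parts = urlsplit(url)
    if not parts.hostname:
        return None
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.hostname.lower(), port, parts.path or "/")


def build_iocs(gate_urls=GATE_URLS, payload_urls=PAYLOAD_URLS):
    """Return (exact (host, port, path) -> label, set of bare hosts)."""
    exact = {}
    for url in gate_urls:
        exact[normalize(url)] = "pony_c2_gate"
    for url in payload_urls:
        exact[normalize(url)] = "pony_payload_download"
    hosts = {key[0] for key in exact}
    return exact, hosts


def classify_request(url, exact, hosts):
    """Label a requested URL: exact IOC hit, same host with another path, or None."""
    key = normalize(url)
    if key is None:
        return None
    if key in exact:
        return exact[key]
    if key[0] in hosts:
        return "pony_infra_host"  # lower confidence: known host, unlisted path
    return None


def scan_log(lines, exact=None, hosts=None):
    """Return one finding per matching log line; malformed lines are skipped."""
    if exact is None or hosts is None:
        exact, hosts = build_iocs()
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, method, url, status = fields[:5]
        label = classify_request(url, exact, hosts)
        if label:
            findings.append({"ts": ts, "client": client, "method": method,
                             "url": url, "status": status, "match": label})
    return findings


def infected_clients(findings):
    """Clients that reached a C2 gate: the stealer ran and tried to hand in
    credentials, which is stronger evidence than a payload download alone."""
    return sorted({f["client"] for f in findings if f["match"] == "pony_c2_gate"})


# Constructed sample log (format is an assumption; not from the sandbox run).
SAMPLE_LOG = [
    "2024-07-26T13:12:01Z 10.0.0.5 POST http://dare2dreamz.com:8080/pony/gate.php 200",
    "2024-07-26T13:12:03Z 10.0.0.5 GET http://expresszmedia.hu/0evunCU7/RUAFT1J.exe 200",
    "2024-07-26T13:12:05Z 10.0.0.7 GET http://www.teronhieronta.net/ 200",
    "2024-07-26T13:12:07Z 10.0.0.9 GET http://example.com/index.html 200",
    "malformed entry",
    "2024-07-26T13:12:09Z 10.0.0.5 POST http://DARE2DREAMZ.COM:8080/pony/gate.php 200",
]

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for hit in hits:
        print(hit["ts"], hit["client"], hit["match"], hit["url"])
    print("clients that reached a gate:", infected_clients(hits))
```

Matching on (host, port, path) rather than the raw string keeps the 8080 port of the gate URLs significant while tolerating case differences in the host; the host-only fallback catches follow-on activity against the same servers, which is worth reviewing but should not by itself be treated as proof of infection.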
Targets
-
-
Target
73d1b19bb2bdcba4aa6cb1660a76acf7_JaffaCakes118
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-