General
-
Target
73d21e07ddf9cd07fd645b80b57eebff_JaffaCakes118
-
Size
137KB
-
Sample
240726-ndjj1svapn
-
MD5
73d21e07ddf9cd07fd645b80b57eebff
-
SHA1
ce666eed5bfa5409ab80f8fde6ccf53b54410f07
-
SHA256
20623f9b0ba3ec5f6b1eca9baeeb82b6507a6cc201fa2c2720c7dccc3006939b
-
SHA512
393efc34209ea9920919d59c08b452ccfcd88566449c015cfc7f12119e93e22a9af93197d8be420a79077e7a23d6a72b554c921a3a675c62324b480e77b04c53
-
SSDEEP
1536:LCaB/7cjkYJAaUVN3YHDuymlyY8GwLuXvS+rJYFHpjur1qA6cwgvIq/jcX5iQ+:LCahbgokju8LkJApyrwA6c5/s0
Static task
static1
Behavioral task
behavioral1
Sample
73d21e07ddf9cd07fd645b80b57eebff_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
pony
http://www.alberghi.com:8080/pony/gate.php
http://buyandsmile.atomclick.co:8080/pony/gate.php
-
payload_url
http://staticbanner.adv.hu/pbLBReR.exe
http://estebandiaz.com.ar/Tq1Fh9aM.exe
http://giovanibenetti.com.br/P8nBC.exe
Targets
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copy of the web browser credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-