General
-
Target
741d89117c819a982e4f3ab9e5102e73_JaffaCakes118
-
Size
159KB
-
Sample
240726-pzzc2aycpp
-
MD5
741d89117c819a982e4f3ab9e5102e73
-
SHA1
a861e97585985a10dca047072ff3ce2afb624671
-
SHA256
3dd765f81092c2eaf60409e91834deb9d06294150aa9a6201240fcc69872d777
-
SHA512
6d1f8a5294167323ebae99b18d8b154a9a96e93d237caa3a23ff9779526bfd7aec34fac6816b5f34fd71ca30105ffb01d53fc22fa0f746755e429851caf85285
-
SSDEEP
1536:cKPEe7vWuZtAV9PJE4h+lrkFtEd1NdhB3f0LWc9/7NIO2sYcAOz02UqejgOn6K:che7v5YV9XekHc9mx9zNIO2sYSdUfX6K
Static task
static1
Behavioral task
behavioral1
Sample
741d89117c819a982e4f3ab9e5102e73_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
741d89117c819a982e4f3ab9e5102e73_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://akamaifilms.com:81/pony/gate.php
-
payload_url
http://robot2.workerhire.com/5Cd.exe
http://sportmed.com.ar/9wpmwY2L.exe
http://igrejabatistacarlosprates.com/vtn6aczp.exe
Targets
-
-
Target
741d89117c819a982e4f3ab9e5102e73_JaffaCakes118
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-