General
Target: 18549ecf29b34a5836a6acc5ba7851e3_JaffaCakes118
Size: 142KB
Sample: 240728-vb93hsxcmg
MD5: 18549ecf29b34a5836a6acc5ba7851e3
SHA1: c934a5e9adf6c6ff72f32b099081849c9e35c538
SHA256: 4817e237be21b868c904048d5f920a15d00d120e4d5807fe7d82fed5460f5257
SHA512: de5afccf4cf7bddab4888ebaa07ca66f7b1f17ca1b5c9faf4de7d449f11afdb1caaf9e3126bca8fa99f0bbfa8360afd5a2f22a253e04e60da14dcca431e6284f
SSDEEP: 3072:Py6VEpbWjJ53u84WUgkfwlzqYX/QyQN9i:vVEs6W5kfSeYXIyiw
Static task: static1
Behavioral task: behavioral1
  Sample: 18549ecf29b34a5836a6acc5ba7851e3_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 18549ecf29b34a5836a6acc5ba7851e3_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: pony
C2 URLs:
  http://184.172.134.62:8080/pony/gate.php
  http://173.224.215.71/pony/gate.php
Targets
Target: 18549ecf29b34a5836a6acc5ba7851e3_JaffaCakes118
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext