General
Target: 1d6de264abd04c3646bc5f90ee35f900_JaffaCakes118
Size: 69KB
Sample: 240728-xghxbsyckl
MD5: 1d6de264abd04c3646bc5f90ee35f900
SHA1: 497fd2f1d8bc50fe0983c78e3a1387814e7c4d07
SHA256: f5c7b679d39e13513efaa6538568a10e9cd55bb1ce262a7a7d0f94836d0f523a
SHA512: 62fec82f1580047bd1cd8a4d6b7ce6a86a7048b53e00edfa6fca112c5eadba1923b0edc4c5cacd2cf39868d7ef9fd74caf3ca661ac6b6db94cc708e8b0a15f4d
SSDEEP: 1536:+QeZdNpEVR/8/I1adZxB6Et8h0wLvVKsG9ynnkVTUXp6R0w8jq/xLGCLL:+QevEz/8/I1a36KK7cmUTU54xLGCn
Static task: static1
Behavioral task: behavioral1
Sample: NACHA-Electronic-Payment-System-report-ID342234E344F456643111E234F45566433.pdf.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: NACHA-Electronic-Payment-System-report-ID342234E344F456643111E234F45566433.pdf.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
pony
http://174.140.167.107/forum/viewtopic.php
http://173.245.7.230/forum/viewtopic.php
-
payload_url
Targets
Target: NACHA-Electronic-Payment-System-report-ID342234E344F456643111E234F45566433.pdf.exe
Size: 104KB
MD5: d74009b4aa9244aa28fe58f4923448f0
SHA1: a564c103003a721f907ddd2c1aa5c021cdde2add
SHA256: 67ea2672944096c1c1bbd2990881c95d05ddb8351597231d3027c1766bd06f38
SHA512: fe49c680436cdd96dcb802ce858add849744cf08fb1fb168607ec62500519cb6174b440ad191d650650ca0cf27906cb3aa8f88fb5287ba59447734cd5d83c3fd
SSDEEP: 3072:mWs1Px8w2x2bJMXGh17MPKy0KNKJ5OMvfW:mWsNx8wU2+Gh17CKjKNWbfW
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-