General
-
Target
621324886e649377c4d3f1cb9e532525_JaffaCakes118
-
Size
89KB
-
Sample
240729-1kmlgawerc
-
MD5
621324886e649377c4d3f1cb9e532525
-
SHA1
35d4abad95007a7264c3bfe0cb5c9eb91a01ceaa
-
SHA256
8bd42f4b867ccda4090f241e5d4ad9cb645fb0eec3b5e1276c8945ff2aa87b75
-
SHA512
ab646d9176c1a0487df46939dc50a30fc0bc1d0d39d3608257a6505827416ab4b40a24f8213c5a4f2e91842782010ccd6603c78872382dc7fb23aff498baace3
-
SSDEEP
1536:5RK3u/II/qTMO+IjkiLXzxYm+ObOO+uiiEupmJc0Z44OGsxt0Tv+E7WX+kzZxov:/qdIUwiLXzxV+Ob6vTupmJXOGOXE6h+
Behavioral task
behavioral1
Sample
621324886e649377c4d3f1cb9e532525_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
621324886e649377c4d3f1cb9e532525_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
pony
http://paralysiesfaciale.com:8080/ponyb/gate.php
http://paralysiesfaciales.com:8080/ponyb/gate.php
http://shop.smsmpi.com:8080/ponyb/gate.php
http://smsmpi.com:8080/ponyb/gate.php
-
payload_url
http://cerram.es/222Xu.exe
http://alina-schmitt.de/qJ1qhU.exe
http://smallbizsuccessguide.com/g6XiC.exe
http://alkri.od.ua/sdoaeLWE.exe
http://pastamutfagi.com/up0UEB.exe
Targets
-
Target
621324886e649377c4d3f1cb9e532525_JaffaCakes118
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-