General
-
Target
66a52dd1f59a29bd890e62af36541ce9_JaffaCakes118
-
Size
179KB
-
Sample
240729-29z4jazflg
-
MD5
66a52dd1f59a29bd890e62af36541ce9
-
SHA1
59898b710b4d6651950c3f1b0d997793ce16f56c
-
SHA256
62b4517a08b4ea5ffc79f350a13f50de187bc92489c1087dcf45df56e0a4338f
-
SHA512
c458aafe52193069b3972c6246754995ebee1a865f932bdccfbb9ca3955914290855e252389a45b74b95fd4e038634204d3d4ce520304948e19fc34cb29f3b6c
-
SSDEEP
3072:l7UPrhsPzl8y0NJBYTrZZpkQnZR2fLEHvPmn8p:VUdsPzuT+TrhkxWv+ny
Static task
static1
Behavioral task
behavioral1
Sample
66a52dd1f59a29bd890e62af36541ce9_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
66a52dd1f59a29bd890e62af36541ce9_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
pony
http://108.178.59.26/forum/viewtopic.php
http://206.72.197.13/forum/viewtopic.php
-
payload_url
http://bobandcarl.com/hmSfQED.exe
http://uksense.org/TN3.exe
http://calcolailmutuo.com/L1yhbec7.exe
Targets
-
-
Target
66a52dd1f59a29bd890e62af36541ce9_JaffaCakes118
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-