General

Target: 3bd838a0d9a18bea7b2e44aa0e2785d2_JaffaCakes118
Size: 133KB
Sample: 240729-h2q14syarp
MD5: 3bd838a0d9a18bea7b2e44aa0e2785d2
SHA1: e9deb6e25635a1177c395fdb597c4b5bcd4b0e46
SHA256: 939e6a369e627141616143feb0fd8a07c345081497d6d24fe96b81ea820e0efa
SHA512: 40d4a93f193de9cee83d28d79daf214256d8b65f7dc08c2b6d1ca6f0986c85e02a4433685c649573d7a0df299af04c7d521c5bfcafa36300dc19c7fb73ba399e
SSDEEP: 1536:EkppaDFMmiF/zh3M9etvtsSC+Lgu95ogO6ewxQ55/oC9+cRFfc9zPG3R7:lpOO1Oet1tlClBoCxrua3p
Static task: static1
Behavioral task: behavioral1
  Sample: 3bd838a0d9a18bea7b2e44aa0e2785d2_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 3bd838a0d9a18bea7b2e44aa0e2785d2_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
Malware Config

Extracted family: pony
C2:
  http://capitulosde.com:8080/forum/viewtopic.php
  http://168.144.38.105:8080/forum/viewtopic.php
payload_url:
  http://fundepalma.org/hr5JHr1.exe
  http://74.208.218.30/RngUvek.exe
  http://rdquark.com/cAB.exe
  http://matheusilva.com/ttmX4XF.exe
  http://aasamant.com/0bBNjyL.exe
  http://josemarmolclub.com.ar/BJJr.exe
  http://alispide.net/V61zmw.exe
  http://docencia.cl/gUXoWb.exe
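The extracted C2 and payload URLs are the actionable part of this report. The Python below is an added example, not part of the sandbox output, that turns those URLs into host/port/path indicators and hunts for them in web proxy logs. The log line layout and the sample lines are constructed for the example and are not any product's real format. It matches host, port and path together for a high-confidence hit and host alone for a medium one (operators do move a gate between ports), but never the path alone: /forum/viewtopic.php is a stock phpBB path, so the C2 is deliberately hiding behind a URL that legitimate forums also serve. A POST to a C2 indicator is labelled as likely exfiltration because Pony submits harvested credentials to its gate by HTTP POST; a GET of a payload URL is the second-stage fetch.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the extracted Pony config in this report.
C2_URLS = [
    "http://capitulosde.com:8080/forum/viewtopic.php",
    "http://168.144.38.105:8080/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://fundepalma.org/hr5JHr1.exe",
    "http://74.208.218.30/RngUvek.exe",
    "http://rdquark.com/cAB.exe",
    "http://matheusilva.com/ttmX4XF.exe",
    "http://aasamant.com/0bBNjyL.exe",
    "http://josemarmolclub.com.ar/BJJr.exe",
    "http://alispide.net/V61zmw.exe",
    "http://docencia.cl/gUXoWb.exe",
]


def split_url(url):
    """Normalise a URL into (host, port, path) so matching ignores scheme and case."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    port = p.port or (443 if p.scheme == "https" else 80)
    return host, port, p.path or "/"


# (kind, (host, port, path), original indicator string)
INDICATORS = [("c2", split_url(u), u) for u in C2_URLS] + \
             [("payload", split_url(u), u) for u in PAYLOAD_URLS]

# Constructed proxy log layout (an assumption for this example, not a real product's format):
#   <timestamp> <client_ip> <method> <url> <http_status>
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def match_line(line):
    """Return a hit dict for a log line that touches a Pony indicator, else None.

    confidence "high":   host, port and path all equal the extracted URL.
    confidence "medium": only the host matches (gate moved to another port or path).
    A matching path on an unrelated host is deliberately not a hit, because
    /forum/viewtopic.php is a common forum path.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    host, port, path = split_url(m["url"])
    best = None
    for kind, (ih, ip, ipath), ioc in INDICATORS:
        if host != ih:
            continue
        if port == ip and path == ipath:
            best = (kind, ioc, "high")
            break
        if best is None:
            best = (kind, ioc, "medium")
    if best is None:
        return None
    kind, ioc, conf = best
    # Pony POSTs harvested credentials to its gate; a GET of a payload URL is the second-stage fetch.
    if kind == "c2" and m["method"] == "POST":
        activity = "credential exfiltration / check-in"
    elif kind == "payload":
        activity = "second-stage download"
    else:
        activity = "contact with C2 host"
    return {"ts": m["ts"], "client": m["client"], "kind": kind, "indicator": ioc,
            "confidence": conf, "activity": activity}


def hunt(lines):
    """Run every log line through match_line and keep the hits, in log order."""
    return [h for h in map(match_line, lines) if h is not None]


# Constructed sample log lines for a stand-alone run (not real traffic).
SAMPLE_LOG = [
    "2024-07-29T10:02:11Z 10.0.0.17 GET http://www.example.com/ 200",
    "2024-07-29T10:02:14Z 10.0.0.17 POST http://capitulosde.com:8080/forum/viewtopic.php 200",
    "2024-07-29T10:02:15Z 10.0.0.17 GET http://fundepalma.org/hr5JHr1.exe 200",
    "2024-07-29T10:03:01Z 10.0.0.23 GET http://168.144.38.105/forum/viewtopic.php 404",
    "2024-07-29T10:03:05Z 10.0.0.23 GET http://forum.example.org/forum/viewtopic.php 200",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

On the sample lines this flags the POST to the gate and the payload fetch from 10.0.0.17 as high-confidence hits, the port-80 contact with 168.144.38.105 from 10.0.0.23 as a medium one, and ignores the unrelated forum that happens to serve the same path. Feed real proxy exports through `hunt` after adapting `LOG_RE` to their column order.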
Targets

Target: 3bd838a0d9a18bea7b2e44aa0e2785d2_JaffaCakes118 (133KB, SHA256 939e6a369e627141616143feb0fd8a07c345081497d6d24fe96b81ea820e0efa; full hashes under General)
Signatures

Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.