General
-
Target
3bd8480d854be679518d8204e4fb8400_JaffaCakes118
-
Size
125KB
-
Sample
240729-h2svpssdke
-
MD5
3bd8480d854be679518d8204e4fb8400
-
SHA1
41be9dd0549da449c5658563298cf0a11c4e0d5a
-
SHA256
66d0a3720fbd929795d2969602753494bbf8d72f860bfa45ef61cad5dc998e15
-
SHA512
32738648ae33e1eb0cbc000ee85921a3381696e0375017d57694bddbc33b22e9d067eac2646416dceb76ed0dfbd53b134508d7a4f7c7c373b412789ff8aa0615
-
SSDEEP
3072:R7jroaobs2Lc0j1Z4VS+t2FzwuTUR4nBKj:Fj0aow2FJYS+mfTm4Uj
Static task
static1
Behavioral task
behavioral1
Sample
3bd8480d854be679518d8204e4fb8400_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
3bd8480d854be679518d8204e4fb8400_JaffaCakes118.exe
Resource
win10v2004-20240729-en
Malware Config
Extracted
pony
http://65.75.137.237/gate.php
http://65.75.138.212/gate.php
http://65.75.139.225/gate.php
http://65.75.140.218/gate.php
http://65.75.141.214/gate.php
http://65.75.142.202/gate.php
http://65.75.143.189/gate.php
http://65.75.144.219/gate.php
http://65.75.145.215/gate.php
http://65.75.146.203/gate.php
http://65.75.147.203/gate.php
http://65.75.148.198/gate.php
http://65.75.149.202/gate.php
http://simple-cdn-node.com/gate.php
-
payload_url
http://new-cdn-node.com/6.exe
Targets
-
-
Target
3bd8480d854be679518d8204e4fb8400_JaffaCakes118
-
Size
125KB
-
MD5
3bd8480d854be679518d8204e4fb8400
-
SHA1
41be9dd0549da449c5658563298cf0a11c4e0d5a
-
SHA256
66d0a3720fbd929795d2969602753494bbf8d72f860bfa45ef61cad5dc998e15
-
SHA512
32738648ae33e1eb0cbc000ee85921a3381696e0375017d57694bddbc33b22e9d067eac2646416dceb76ed0dfbd53b134508d7a4f7c7c373b412789ff8aa0615
-
SSDEEP
3072:R7jroaobs2Lc0j1Z4VS+t2FzwuTUR4nBKj:Fj0aow2FJYS+mfTm4Uj
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Deletes itself
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-