General
-
Target
4a867074425165fe805ac94a633a5c90_JaffaCakes118
-
Size
92KB
-
Sample
240729-q8va4svhrb
-
MD5
4a867074425165fe805ac94a633a5c90
-
SHA1
98812a71f92cf640d1eb2b2f63aeb7dec99fc414
-
SHA256
c0e7271c4b32d95504b7622335144af32785d45b81d88d91ae3d2688733f0e73
-
SHA512
3f4971edc4845e55bc7e63ada9ed678c93a3325afa9fed2f29182e867afdedcef46402a2170e805af17a154e61c9278411cae0ed7b55e368938555d3470e3841
-
SSDEEP
1536:4uzaltfBSqTcPNDC94OjrL6dw0Yzp5SkzzVSZUdfFvQchyS+OOo+dTvOECBVkzmG:pypAbOjrb0Yzp5SwQZUvR+Od3ECbG
Behavioral task
behavioral1
Sample
4a867074425165fe805ac94a633a5c90_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
4a867074425165fe805ac94a633a5c90_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
pony
http://weshift.net:8080/forum/viewtopic.php
http://207.58.180.139:8080/forum/viewtopic.php
http://aoc.fm:8080/forum/viewtopic.php
http://changepioneers.at:8080/forum/viewtopic.php
-
payload_url
http://www.myappie.com/csAm.exe
http://eco-build.gr/7nX7Wqm.exe
http://163756.webhosting63.1blu.de/2uKiv.exe
Targets
-
-
Target
4a867074425165fe805ac94a633a5c90_JaffaCakes118
-
Size
92KB
-
MD5
4a867074425165fe805ac94a633a5c90
-
SHA1
98812a71f92cf640d1eb2b2f63aeb7dec99fc414
-
SHA256
c0e7271c4b32d95504b7622335144af32785d45b81d88d91ae3d2688733f0e73
-
SHA512
3f4971edc4845e55bc7e63ada9ed678c93a3325afa9fed2f29182e867afdedcef46402a2170e805af17a154e61c9278411cae0ed7b55e368938555d3470e3841
-
SSDEEP
1536:4uzaltfBSqTcPNDC94OjrL6dw0Yzp5SkzzVSZUdfFvQchyS+OOo+dTvOECBVkzmG:pypAbOjrb0Yzp5SwQZUvR+Od3ECbG
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-