General
-
Target
4d4b9740fceb875ea8b5c0e75eee518c_JaffaCakes118
-
Size
89KB
-
Sample
240729-r71l6stckr
-
MD5
4d4b9740fceb875ea8b5c0e75eee518c
-
SHA1
e8d30f1012b70a8b80672dad829a7f77156fe50c
-
SHA256
00cbc16f250d25dd2633d07c071692ee26823e055d2ed4d7cd87766dce41e704
-
SHA512
eaaa5020cbaafc884482101fa3fcc14a413ef0c7a1aa4a73993fa3899894a0ca8c5f1dad6d2c86f48c66e9db5b2ac498680b8f94f2adcf8e156400f8a24e3f4c
-
SSDEEP
1536:mTfV30H1G7tqT3ngZcYYzdFDIJT+fuY/13GFGO+MYMTvCEyskzZx:2VGybcYYzdFIJTQJ5O+lLEyvx
Behavioral task
behavioral1
Sample
4d4b9740fceb875ea8b5c0e75eee518c_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4d4b9740fceb875ea8b5c0e75eee518c_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
pony
http://br1.irontrial.com:8080/ponyb/gate.php
http://br1.pineapplesdonthavesleeves.com:8080/ponyb/gate.php
http://89.166.50.40:8080/ponyb/gate.php
http://6.magicalomaha.com/ponyb/gate.php
-
payload_url
http://gleeclub.bplaced.net/eHeSq.exe
http://mybuss.com.mx/bvpVa0E.exe
http://blazingindustrial.net/eKcV.exe
http://208.109.123.21/sjqviLEQ.exe
http://khioffices.com/T4Li.exe
Targets
-
-
Target
4d4b9740fceb875ea8b5c0e75eee518c_JaffaCakes118
-
Size
89KB
-
MD5
4d4b9740fceb875ea8b5c0e75eee518c
-
SHA1
e8d30f1012b70a8b80672dad829a7f77156fe50c
-
SHA256
00cbc16f250d25dd2633d07c071692ee26823e055d2ed4d7cd87766dce41e704
-
SHA512
eaaa5020cbaafc884482101fa3fcc14a413ef0c7a1aa4a73993fa3899894a0ca8c5f1dad6d2c86f48c66e9db5b2ac498680b8f94f2adcf8e156400f8a24e3f4c
-
SSDEEP
1536:mTfV30H1G7tqT3ngZcYYzdFDIJT+fuY/13GFGO+MYMTvCEyskzZx:2VGybcYYzdFIJTQJ5O+lLEyvx
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-