General
-
Target
4d7e767a648c98203cd6bf9373831255_JaffaCakes118
-
Size
107KB
-
Sample
240729-r9wq1atdjk
-
MD5
4d7e767a648c98203cd6bf9373831255
-
SHA1
19ad30059c64f49024e02fce40220204f36b43dd
-
SHA256
ad08babd8275e60e65077d5776af3725cd89701c763e773df3304e554d6deac9
-
SHA512
944eb6f225d37892ecd5d3e08f3a0502442b2d9a665833d338122c48bede3ef8fe2ae2b84b75c8e19ed6cd0151e5b75f5ad34c2ec4ce5959896b2074b847f282
-
SSDEEP
3072:CQ1XYgmhdvRYC+E8gwIkWsAPbkmxYCdyvYKwB1:FovhXT+E8QTsAiCMvYjT
Static task
static1
Behavioral task
behavioral1
Sample
4d7e767a648c98203cd6bf9373831255_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
4d7e767a648c98203cd6bf9373831255_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
pony
http://91.121.84.204:8080/pony/gate.php
http://91.121.93.178:8080/pony/gate.php
-
payload_url
http://tecins.com.ar/anTQr.exe
Targets
-
-
Target
4d7e767a648c98203cd6bf9373831255_JaffaCakes118
-
Size
107KB
-
MD5
4d7e767a648c98203cd6bf9373831255
-
SHA1
19ad30059c64f49024e02fce40220204f36b43dd
-
SHA256
ad08babd8275e60e65077d5776af3725cd89701c763e773df3304e554d6deac9
-
SHA512
944eb6f225d37892ecd5d3e08f3a0502442b2d9a665833d338122c48bede3ef8fe2ae2b84b75c8e19ed6cd0151e5b75f5ad34c2ec4ce5959896b2074b847f282
-
SSDEEP
3072:CQ1XYgmhdvRYC+E8gwIkWsAPbkmxYCdyvYKwB1:FovhXT+E8QTsAiCMvYjT
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-