General

Target: 4c9afd165a93677276d1da8b6dff2fb5_JaffaCakes118
Size: 92KB
Sample: 240729-rzv2qaxcjh
MD5: 4c9afd165a93677276d1da8b6dff2fb5
SHA1: 5e5fb4f4d1977c06dfb943ee551c21bc61f0920b
SHA256: cb122f687d03c49d956925e63bc2d218f9247e4350ad98f05584c805beab4401
SHA512: f9f5632ead51717eb9d98645e2309ec78be0e02fc3fe03c64b0370b4ee0808727b0d31fafb3c7053870fab602fa2394b643bb7cac107786c0e5fe3719387bd36
SSDEEP: 1536:UxQ0QTUqT/+sotrN02dMVlAMuoXSo+OEgtYTvsEYxkzZ2:CQlV8N02dqlpYOE2EY62
Behavioral task: behavioral1
Sample: 4c9afd165a93677276d1da8b6dff2fb5_JaffaCakes118.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 4c9afd165a93677276d1da8b6dff2fb5_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config

Extracted: pony
http://4.pianetapollo.com/forum/viewtopic.php
http://4.pierferdinandocasini.net/forum/viewtopic.php
payload_url:
http://carolinaaramburo.com/nKY9.exe
http://sesliminciler.tk/HuG7iYXU.exe
http://safetyskid.com/zewHoN.exe
Targets
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access or copy of web browser credential store.
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Deletes itself.
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts.
- Accesses Microsoft Outlook profiles.
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.