General
Target: 530617eb4e8539377f0528f4062f8790_JaffaCakes118
Size: 89KB
Sample: 240729-t5zcfaxhnk
MD5: 530617eb4e8539377f0528f4062f8790
SHA1: 02998856ea8529382941e8ef6b8b8c74d2699326
SHA256: 38ad75b1f16ff8ad37e779802b3979d5dbc8ebe9b4b17e1eec20bde4a9e7417e
SHA512: 6c4e7c41f89cbaacdde47d9cba5790a9dea22a01b229d35e3e9d4ec34d5b7e1aae96bcebfebdb80cd34ea05715d029c1e7c2da364879dc5f0b9c55cdef91cadc
SSDEEP: 1536:6Dh3csBGoHqT/T6099z9pvBV+miuQSzy5uOekEuTvGE6dkzZt:yhbX299z9dBV+NJAOexhE6et
Behavioral task: behavioral1
Sample: 530617eb4e8539377f0528f4062f8790_JaffaCakes118.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 530617eb4e8539377f0528f4062f8790_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted: pony
- http://forum-voip.com:8080/ponyb/gate.php
- http://forum-voip.net:8080/ponyb/gate.php
- http://paralysiesfaciale.com:8080/ponyb/gate.php
- http://paralysiesfaciales.com:8080/ponyb/gate.php
payload_url:
- http://elektroinvest.com.mk/wo5.exe
- http://cerram.es/222Xu.exe
- http://alina-schmitt.de/qJ1qhU.exe
- http://smallbizsuccessguide.com/g6XiC.exe
- http://pastamutfagi.com/up0UEB.exe
Targets
Target: 530617eb4e8539377f0528f4062f8790_JaffaCakes118 (89KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.