General
Target: 56350d9485a989e0d5618c3413efdbe6_JaffaCakes118
Size: 188KB
Sample: 240729-v9ts7awdjf
MD5: 56350d9485a989e0d5618c3413efdbe6
SHA1: 208034eb52deb639fc4d122cd6c573829027513b
SHA256: 5cabe714abd2cc09f0e39d4f1a179c5adc0046cbf41b5a2eb86c860848c8509e
SHA512: 96a96de453529bfc392ffbef320f6d8fd847bf64433062a7f5aab35ede0197cc957e685e59bbd55469184534dabeb7af154067e9d2da96f097b6ea61626f5a30
SSDEEP: 3072:ojoHUWEC91ePzKqvxDjov79TtQjF2jHvzGCoCvCyCI3cb:J0O92KqvxDkk52jHSCoCvCyCFb
Static task: static1
Behavioral task: behavioral1
Sample: 56350d9485a989e0d5618c3413efdbe6_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 56350d9485a989e0d5618c3413efdbe6_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
Family: pony
C2:
http://forum-voip.com:8080/forum/viewtopic.php
http://forum-voip.net:8080/forum/viewtopic.php
http://paralysiesfaciale.com:8080/forum/viewtopic.php
http://paralysiesfaciales.com:8080/forum/viewtopic.php
payload_url:
http://saginawmasoniccenter.com/aLFaP.exe
http://ftp.trophybookoutfitters.com/eNn05B6p.exe
http://juaki.com/7R9xzt.exe
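The extracted config is only useful once it is turned into something that can be run over traffic. The script below is an added example, not part of the sandbox report: it indexes the C2 and payload_url entries above by (host, port, path), then scans constructed proxy log lines for exact IOC hits, requests to the same hosts, and, as a hunting heuristic that is an assumption rather than something the report states, POSTs to a /viewtopic.php path on a non-standard port, which is the shape every gate in this config shares. The log format and all log lines are constructed for illustration.

```python
"""Match proxy log lines against the Pony config extracted in this report.

Added example, not part of the sandbox report. Log lines are constructed;
the C2 and payload URLs are the ones the report extracted.
"""
from urllib.parse import urlparse

# Config values exactly as extracted in the report.
PONY_C2 = [
    "http://forum-voip.com:8080/forum/viewtopic.php",
    "http://forum-voip.net:8080/forum/viewtopic.php",
    "http://paralysiesfaciale.com:8080/forum/viewtopic.php",
    "http://paralysiesfaciales.com:8080/forum/viewtopic.php",
]
PONY_PAYLOAD_URLS = [
    "http://saginawmasoniccenter.com/aLFaP.exe",
    "http://ftp.trophybookoutfitters.com/eNn05B6p.exe",
    "http://juaki.com/7R9xzt.exe",
]


def _key(url):
    """Normalise a URL to (host, port, path) so log entries and IOCs compare alike."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return ((p.hostname or "").lower(), port, p.path or "/")


IOC_INDEX = {_key(u): "pony_c2" for u in PONY_C2}
IOC_INDEX.update({_key(u): "pony_payload" for u in PONY_PAYLOAD_URLS})
IOC_HOSTS = {k[0] for k in IOC_INDEX}


def classify(method, url):
    """Verdict for one request: exact IOC, IOC host, gate-shaped POST, or None."""
    host, port, path = _key(url)
    if (host, port, path) in IOC_INDEX:
        return IOC_INDEX[(host, port, path)]
    if host in IOC_HOSTS:
        return "ioc_host"
    # Hunting heuristic (assumption, not from the report): every gate in this
    # config is a POST to /forum/viewtopic.php on a non-standard port.
    if method == "POST" and path.endswith("/viewtopic.php") and port not in (80, 443):
        return "pony_gate_pattern"
    return None


def scan_log(lines):
    """Parse 'timestamp src method url status' lines; return (src, url, verdict) hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # constructed format: skip anything that does not fit it
        _ts, src, method, url, _status = parts[:5]
        verdict = classify(method, url)
        if verdict:
            hits.append((src, url, verdict))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-07-29T10:01:02Z 10.0.0.15 POST http://forum-voip.com:8080/forum/viewtopic.php 200",
    "2024-07-29T10:01:05Z 10.0.0.15 GET http://saginawmasoniccenter.com/aLFaP.exe 200",
    "2024-07-29T10:02:11Z 10.0.0.22 GET http://forum-voip.net/index.html 404",
    "2024-07-29T10:03:40Z 10.0.0.31 POST http://example.invalid:8081/forum/viewtopic.php 200",
    "2024-07-29T10:04:00Z 10.0.0.40 GET http://www.example.com/ 200",
]

if __name__ == "__main__":
    for src, url, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:18} {src:10} {url}")
```

The exact-match tier is what you would block on; the host tier catches the same infrastructure serving a different path; the gate-pattern tier is for hunting only and will need tuning against your own traffic before it is trusted.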
Targets
Target: 56350d9485a989e0d5618c3413efdbe6_JaffaCakes118 (188KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
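The signatures above are each triggered by the sample touching a particular registry key or file. The script below is an added example, not the sandbox platform's own detection code: it maps constructed process-monitor style events (registry and file accesses) back onto the five signatures listed in this report. The object paths it keys on (the Uninstall key, the Outlook profile keys, browser login databases, FTP-client config files) are my assumptions about what each signature looks for, chosen because they are the well-known locations; the event format and event lines are constructed.

```python
"""Map sandbox-style registry/file events onto the behavioral signatures in this report.

Added example, not the sandbox platform's code. Event lines are constructed and the
indicator paths are assumptions about what each signature keys on.
"""
import re

# (signature name as in the report, event kind, pattern on the accessed object)
SIGNATURES = [
    ("Credentials from Web Browsers", "file",
     # Chromium 'Login Data', Firefox logins.json/key db: assumed indicator set
     re.compile(r"\\(Login Data|logins\.json|key[34]\.db|signons\.sqlite)$", re.I)),
    ("Credentials In Files", "file",
     # FTP-client configs commonly holding saved passwords: assumed indicator set
     re.compile(r"\\(sitemanager|recentservers)\.xml$|\\WinSCP\.ini$", re.I)),
    ("Accesses Microsoft Outlook accounts", "registry",
     # Per-account settings live under this GUID key inside an Outlook profile
     re.compile(r"\\Outlook\\Profiles\\[^\\]+\\9375CFF0413111d3B88A00104B2A6676", re.I)),
    ("Accesses Microsoft Outlook profiles", "registry",
     re.compile(r"\\Outlook\\Profiles\\|\\Windows Messaging Subsystem\\Profiles\\", re.I)),
    ("Checks installed software on the system", "registry",
     # The Uninstall key the report's description names
     re.compile(r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
]


def parse_event(line):
    """Split a constructed 'pid kind operation object' line; the object may contain spaces."""
    pid, kind, op, obj = line.split(" ", 3)
    return int(pid), kind, op, obj


def tag_events(lines):
    """Return {pid: sorted list of signature names that process triggered}."""
    fired = {}
    for line in lines:
        pid, kind, _op, obj = parse_event(line)
        for name, sig_kind, pattern in SIGNATURES:
            if kind == sig_kind and pattern.search(obj):
                fired.setdefault(pid, set()).add(name)
    return {pid: sorted(names) for pid, names in fired.items()}


# Constructed events: pid 1234 behaves like the sample, pid 5678 is benign noise.
SAMPLE_EVENTS = [
    r"1234 registry RegOpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox",
    r"1234 registry RegQueryValue HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002",
    r"1234 file ReadFile C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"1234 file ReadFile C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml",
    r"5678 file ReadFile C:\Windows\System32\drivers\etc\hosts",
    r"5678 registry RegOpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
]

if __name__ == "__main__":
    for pid, names in tag_events(SAMPLE_EVENTS).items():
        print(pid)
        for name in names:
            print("  " + name)
```

Matching on object paths alone is how a single enumeration of the Uninstall key ends up flagged; on its own that is benign inventory behaviour, and what makes it worth an alert here is the same process also reading browser and mail credential stores, which is why the function reports signatures per process rather than per event.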