General
Target: 5a7322c7504a9f7d818d76d9d107c3ea_JaffaCakes118
Size: 344KB
Sample: 240729-xt72zsvfkl
MD5: 5a7322c7504a9f7d818d76d9d107c3ea
SHA1: 632a54553c9ea4e590a6a9d592fce72b5a0c8b4c
SHA256: 10e282394d6e1f7111f12e3e4a73b171ffa7a1dcd3b67edf736929c476a280a2
SHA512: fc4cf2448927dacdd540066462d617f728622512cd4669bc653d89774d0017e3f75077700cddf4311cf3867635f7758c4a1be3a2ab768d1669d918fe461225cb
SSDEEP: 6144:tZjM2JVWsfcK3Vdc3qIFEwIdWjZ9RQXrjw:tZjM2ystldc3tS2ZXQbk
Static task: static1
Behavioral task: behavioral1
  Sample: 5a7322c7504a9f7d818d76d9d107c3ea_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 5a7322c7504a9f7d818d76d9d107c3ea_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted: pony
http://globalminingsupplies.com/index/help/gate.php
Targets
Target: 5a7322c7504a9f7d818d76d9d107c3ea_JaffaCakes118
- Credentials from Password Stores: Credentials from Web Browsers: malicious access to, or copying of, the web browser credential store.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext