General
Target: 5e4ade4705a4d9740ab401dd57a2481a_JaffaCakes118
Size: 164KB
Sample: 240729-y992ystcnc
MD5: 5e4ade4705a4d9740ab401dd57a2481a
SHA1: b45dd4f3c4a93b7bccf0662e471326fc93012fc9
SHA256: acdc87381a6782f5c23afc0eb76ece013baa0b10357e5d003af3468fdd3af3c3
SHA512: d97ed5c221913310b0bb9f19b62e8eca22ca854c0ef7f05fab6312b76bab61b103abea0434ec4db5851fc71ab37f794e63a588278e24997fa393ed8cd27593ea
SSDEEP: 3072:QfaTgpRM+TqOsz+a98A+c1cbaIB8gJfdMNvsbRTg+n:Wvwts/JFi0bRTg+n
Behavioral tasks
behavioral1: Sample 0day warez.url, Resource win7-20240704-en
behavioral2: Sample 0day warez.url, Resource win10v2004-20240709-en
behavioral3: Sample CPLApp.dll, Resource win7-20240704-en
behavioral4: Sample CPLApp.dll, Resource win10v2004-20240709-en
behavioral5: Sample patch.exe, Resource win7-20240705-en
behavioral6: Sample patch.exe, Resource win10v2004-20240709-en
Malware Config
Extracted: pony
payload_url:
http://asgardtattoo.eu/css/1213.exe
http://vanhoye.com/flash/com/greensock/1213.exe
Targets
Target: 0day warez.url
Size: 117B
MD5: 8cbd314b2ad010d3d98b491bf43e17e5
SHA1: a2c325f51fbca539ba4257aeb28c7a3f5b7c2c55
SHA256: 74487459b955a2a5c2139979109005bd2fb1a4c5ba00c6b66e8b09788a32c404
SHA512: d3544903e08be65288e6ee057bf98df9646d93381136d8c34df74c99d7c28933f1321bc3575d3a70878cbcb0bfc72f0a0fdc6eea8f4972e4a5af61afee3dae1c
Score: 1/10
Target: CPLApp.cpl
Size: 71KB
MD5: 6e6ff1275216a0c31bbb792b53f47083
SHA1: 5da5d675ab6873993bdfcc871e2cb08701453fc3
SHA256: 700573ca11f25afd36f7efaf8309d0eed89dd687e966563ef8faab715666506d
SHA512: 5856a28b0dd3f3fceeaaba852aef0ccbed1bb8595249fdc83d4b76e9d83aa7bb9c7fd557346b5302ee5ffec979aa8561afa71bae126bf46e3dc16425d51e089a
SSDEEP: 768:uoeZZay22YPfYl+hZYhTjRFcK9601g6vuoMRhil2rQAbTfSOsMY9cmIILX:5eQ/PfEhTjTgpRMSbTqOsz9c6b
Score: 3/10
Target: patch.exe
Size: 189KB
MD5: b9f4a8d7ed01fc2b82f54625ff1b7e07
SHA1: 0c5fb471eb643d61560cb9d3ba747e12d40fff4b
SHA256: 7697d25b5b0795bd209223971c51a65b89843837c90341d5842e70178a36fa85
SHA512: c71fa8ffcb7e89386c59293b629acb382458c22e34b54d9d084bd5b9dddac23c8d141cacd945c72c73e99783449a3ab6952f0b8b30853fe45bf6d27deab71587
SSDEEP: 3072:QJIRo4OilJA4hOfEo8mSkqu3HSWaxXpX0wWd2QDyIlBnU:QJ8ol8AGOXSkpXdY0ld2odU
Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.