General
- Target: 5e93246d234d3c9af0098a1fdaa41cd3_JaffaCakes118
- Size: 124KB
- Sample: 240729-zdjqkatdqh
- MD5: 5e93246d234d3c9af0098a1fdaa41cd3
- SHA1: 3c1e4201a63fc0b47769d298858b33c1a17539ad
- SHA256: c13017d1ac5dea80c209e2dc794c76b89338d0e3550366125d4a877be566a830
- SHA512: b2899033e701c725623b707b2c495b42561a21f3c1f30302a727aa97b54e03dcdce91e76b707a284a1ec65ceeb3a33be33e66483ecaba4e3f5e17bea9a1865f3
- SSDEEP: 1536:saGC8kebxhvM2i0+lyy/Hh9P509FLGMG2+FbXY20m510MRuU7fUtQh8xvk2e4Qld:okebxGlt9B09v+miilYIQhIVFQlaxA
Static task: static1
Behavioral task: behavioral1
- Sample: 5e93246d234d3c9af0098a1fdaa41cd3_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 5e93246d234d3c9af0098a1fdaa41cd3_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config (extracted): pony
Targets
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copying of, the web browser credential store.
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext