General
Target: 5f005d9a90ee7eb2e93e0cf1c947e5b4_JaffaCakes118
Size: 113KB
Sample: 240729-zh473atfpd
MD5: 5f005d9a90ee7eb2e93e0cf1c947e5b4
SHA1: 2a6520da11c54b2152687ea41ec887e3983791dd
SHA256: 9bc8ccddd258b85a633078cb92b21eb2b8dfd2e0fffbf6567694dfb179093b54
SHA512: 45988cc42926a707caa7bc3358e9d55b7e17918bd4cc428cdcfd28cb1bafb1819f002580a837f9d9baa94fecefebc9835758a1bcbd8656931d509207054e477c
SSDEEP: 3072:kTY7VKne46G8HyyNg1xYFer6mo1GxUkcm0E:sgVH4qPNgXek30E
Static task: static1
Behavioral task: behavioral1
  Sample: 5f005d9a90ee7eb2e93e0cf1c947e5b4_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 5f005d9a90ee7eb2e93e0cf1c947e5b4_JaffaCakes118.exe
  Resource: win10v2004-20240729-en
Malware Config
Extracted: pony
  http://sam-latrilogie.com:8080/pony/gate.php
  http://loceanic.fr:8080/pony/gate.php
payload_url:
  http://viveroparadiso.com.ar/NSyf.exe
  http://greatroastcoffee.com/w1HjW1.exe
Targets
Target: 5f005d9a90ee7eb2e93e0cf1c947e5b4_JaffaCakes118
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext