General
-
Target
68ee01acd53c766ebc2785318409e502_JaffaCakes118
-
Size
100KB
-
Sample
240730-aa2pjaxenp
-
MD5
68ee01acd53c766ebc2785318409e502
-
SHA1
cb1a7d09ed4aa84820f9b975d976163f5a439b1c
-
SHA256
4ab77b4c9bfb746d93b09f510a2c72e10994219b79d07a1e932967358fc896f1
-
SHA512
543120590ce46994cf06c9e9daeafb99c895d37c67f6839923fe6a56712446dacf480082c5cf19f016299c962f5bd2907c42159b693dff73450e2d8e6f969299
-
SSDEEP
1536:c8CAsfIr3iqT4QcD+YKX8EzDxVvzG2Cv/0u3JXOO3u3TvZEqukzmIJ:WCbqqLX8EzdVq2CtOOedEqOIJ
Behavioral task
behavioral1
Sample
68ee01acd53c766ebc2785318409e502_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
68ee01acd53c766ebc2785318409e502_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
pony
http://rolex6.serverthuis.nl/po/gate.php
http://rolex7.serverthuis.nl/po/gate.php
-
payload_url
http://skin.mad.buttobi.net/11.exe
http://skin.mad.buttobi.net/22.exe
http://skin.mad.buttobi.net/33.exe
http://deltagoma.es/Scripts/11.exe
http://deltagoma.es/Scripts/22.exe
http://deltagoma.es/Scripts/33.exe
http://energy.elsat.net.pl/Delikatesy/11.exe
http://energy.elsat.net.pl/Delikatesy/22.exe
http://energy.elsat.net.pl/Delikatesy/33.exe
Targets
-
-
Target
68ee01acd53c766ebc2785318409e502_JaffaCakes118
-
Size
100KB
-
MD5
68ee01acd53c766ebc2785318409e502
-
SHA1
cb1a7d09ed4aa84820f9b975d976163f5a439b1c
-
SHA256
4ab77b4c9bfb746d93b09f510a2c72e10994219b79d07a1e932967358fc896f1
-
SHA512
543120590ce46994cf06c9e9daeafb99c895d37c67f6839923fe6a56712446dacf480082c5cf19f016299c962f5bd2907c42159b693dff73450e2d8e6f969299
-
SSDEEP
1536:c8CAsfIr3iqT4QcD+YKX8EzDxVvzG2Cv/0u3JXOO3u3TvZEqukzmIJ:WCbqqLX8EzdVq2CtOOedEqOIJ
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-