General
Target: 6e08fff2d62bd60e0f4673da7d7cc752_JaffaCakes118
Size: 218KB
Sample: 240730-b94hvawdnb
MD5: 6e08fff2d62bd60e0f4673da7d7cc752
SHA1: 283da9d345843e2f5cd64c51beac8c18f9af84d5
SHA256: 908b8fd04c485554d182cd47a44885c77e1143e89b7f5514d5382c558692efb0
SHA512: c5bd93b73d81a924aea322954b8beede21b1d2d5f9bf15dcac8527a0aa80e5ddc38656038d8917fca118d67ee92fdfa6f469291658002fb7e3c2478660424985
SSDEEP: 1536:FKVl4RPddw4I+OOY8VJ2JydvUXFglpIuJa+jXlYaybF4nkZNW6sHQ4daQpnPqAw0:W4RPw4Ie2JMvUV6bJV1+FBu7aQoAq

Static task: static1

Behavioral task: behavioral1
Sample: 6e08fff2d62bd60e0f4673da7d7cc752_JaffaCakes118.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 6e08fff2d62bd60e0f4673da7d7cc752_JaffaCakes118.exe
Resource: win10v2004-20240709-en

Malware Config
Extracted: pony
http://ppcbizgroups.com/wake/gate.php
Targets
Target: 6e08fff2d62bd60e0f4673da7d7cc752_JaffaCakes118
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to or copying of a web browser credential store.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext