General
- Target: 6c342e7a6c35a6b758653119f15457af_JaffaCakes118
- Size: 91KB
- Sample: 240730-bjbp5svbrg
- MD5: 6c342e7a6c35a6b758653119f15457af
- SHA1: 7b7377a5a0f97219ef24b31096c74d43b0993aa8
- SHA256: ed75c9ecd45eb487354abc0b40b4ea5c27cdc636cbbc07d55241a65cc3004efa
- SHA512: 1f2bb8d38ac3400868d3080714c128f396e457bd299edfd5ed2efc897b8b956cb09cd7a6e2583949c2c916f6cc3777b2d14faa60129f9ae0620812d1c2a3b2f0
- SSDEEP: 1536:I0Q89eYqqTn2Nnb6omC4rTqdPzpGSRuCscRaquHmjlBO+IkETvKEKLkzmj9:HiY+2o6rTqdPzpGSDrRaaBOhmEKzZ
Behavioral task: behavioral1
- Sample: 6c342e7a6c35a6b758653119f15457af_JaffaCakes118.exe
- Resource: win7-20240705-en

Behavioral task: behavioral2
- Sample: 6c342e7a6c35a6b758653119f15457af_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted: pony
- http://116.122.158.195:8080/forum/viewtopic.php
- http://siteseoguide.com:8080/forum/viewtopic.php
- http://uksonlinedating.com:8080/forum/viewtopic.php
- http://199.59.56.105:8080/forum/viewtopic.php

payload_url:
- http://dinodel.de/as0vC.exe
- http://www.mssdatamasters.com/U2iuT.exe
- http://www.jwenba.de/X6HF4.exe
Targets
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.