General
-
Target
e68021ae4230f71f126239cd84df9bb3_JaffaCakes118
-
Size
145KB
-
Sample
240917-ladhgsvfre
-
MD5
e68021ae4230f71f126239cd84df9bb3
-
SHA1
bbb8078ff70aeb93d8cbbaa3caa843fdc317c98c
-
SHA256
4fe15cd4e869cb2682ae5443a6fad67c5176bc3ec45146c243942306f9ecf031
-
SHA512
c54e563ad7b601f5b97a5874ebdccdd197e68cc82d6c01d5490591e7e756d467aac50cafbaee83efe90f08828fab767ef9ac2265a42640d537d89c8383497ad0
-
SSDEEP
3072:J9PkRI4YEs8wK00jH9XP474yZnZNoPzkJG2RDkzagfovR9:HWaf49XP1PP28fovR
Static task
static1
Behavioral task
behavioral1
Sample
e68021ae4230f71f126239cd84df9bb3_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e68021ae4230f71f126239cd84df9bb3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
pony
http://209.59.219.1/forum/viewtopic.php
http://212.58.20.11/forum/viewtopic.php
-
payload_url
http://217.8.252.120/fHxWzur.exe
http://fiveonegroup.com.au/K3AEFRm.exe
http://arwebs.com.ar/w0tieb.exe
Targets
-
-
Target
e68021ae4230f71f126239cd84df9bb3_JaffaCakes118
-
Size
145KB
-
MD5
e68021ae4230f71f126239cd84df9bb3
-
SHA1
bbb8078ff70aeb93d8cbbaa3caa843fdc317c98c
-
SHA256
4fe15cd4e869cb2682ae5443a6fad67c5176bc3ec45146c243942306f9ecf031
-
SHA512
c54e563ad7b601f5b97a5874ebdccdd197e68cc82d6c01d5490591e7e756d467aac50cafbaee83efe90f08828fab767ef9ac2265a42640d537d89c8383497ad0
-
SSDEEP
3072:J9PkRI4YEs8wK00jH9XP474yZnZNoPzkJG2RDkzagfovR9:HWaf49XP1PP28fovR
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-