General
-
Target
e70e84f1c336e6a16632e9155b8c4c01_JaffaCakes118
-
Size
157KB
-
Sample
240917-r5yd2aydnc
-
MD5
e70e84f1c336e6a16632e9155b8c4c01
-
SHA1
ab67ec30fff642cd6ee60be07bf003a70f90baa0
-
SHA256
d2885a46bb252098f56aa60be74bd5aea0f3fed608367ab10322dbd1a9489330
-
SHA512
c283c4c2b3e2ff7776e972ccbb7e2a512bdca5510d0232d64a731a65b25fde467d13af4df31cd32bf66414e5227714817ae8bcfaba5d2fcb5614ad1f029ceea9
-
SSDEEP
3072:gm1dipHTNFXtxeB7PGuqFMXfYjMZvYlWJR:gm1oHTNFXWB7PGuBfYGvkWJ
Static task
static1
Behavioral task
behavioral1
Sample
e70e84f1c336e6a16632e9155b8c4c01_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e70e84f1c336e6a16632e9155b8c4c01_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://209.59.219.88/forum/viewtopic.php
-
payload_url
http://acwebnet.com/cueT50r.exe
http://whatismyrenovationcost.com/XDQV2z.exe
http://www.fahrsicherheit-cardrive.de/ZGg.exe
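The extracted configuration above is directly usable as network and file indicators. The following Python is an added example, not part of the sandbox report: it turns the two C2 gates, the three payload URLs and the sample hashes into a matcher over proxy log lines and file bytes. The proxy log format and the log lines are constructed for the example; the assumption that Pony check-ins are HTTP POSTs to the gate path is mine and is not stated by the report, so GET requests to a gate are still reported but tagged as weaker evidence.

```python
"""Network and file IOC matcher for the Pony config extracted above.

Added example, not part of the sandbox report: the proxy log format and
the log lines below are constructed; the C2 gates, payload URLs and file
hashes come from the report. It assumes Pony check-ins are HTTP POSTs to
the gate path (an assumption, not a statement of the report).
"""
import hashlib
from urllib.parse import urlsplit

C2_URLS = {
    "http://67.215.225.205:8080/forum/viewtopic.php",
    "http://209.59.219.88/forum/viewtopic.php",
}
PAYLOAD_URLS = {
    "http://acwebnet.com/cueT50r.exe",
    "http://whatismyrenovationcost.com/XDQV2z.exe",
    "http://www.fahrsicherheit-cardrive.de/ZGg.exe",
}
SAMPLE_HASHES = {
    "md5": "e70e84f1c336e6a16632e9155b8c4c01",
    "sha1": "ab67ec30fff642cd6ee60be07bf003a70f90baa0",
    "sha256": "d2885a46bb252098f56aa60be74bd5aea0f3fed608367ab10322dbd1a9489330",
}

# Constructed proxy log, one request per line: "<epoch> <client> <method> <url> <status>"
SAMPLE_LOG = """\
1726577001 10.0.0.15 POST http://67.215.225.205:8080/forum/viewtopic.php 200
1726577002 10.0.0.15 GET http://acwebnet.com/cueT50r.exe 200
1726577003 10.0.0.22 GET http://forum.example.org/forum/viewtopic.php?t=7 200
1726577004 10.0.0.15 GET http://209.59.219.88/forum/viewtopic.php?f=1 200
1726577005 10.0.0.31 GET http://WWW.fahrsicherheit-cardrive.de:80/ZGg.exe 404
"""


def normalize_url(url):
    """Canonical scheme://host[:port]/path: lower-case scheme and host, drop
    the default port and any query string, so a config entry and a log
    entry compare equal however the client spelled the URL."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    default = {"http": 80, "https": 443}.get(scheme)
    netloc = host if p.port in (None, default) else f"{host}:{p.port}"
    return f"{scheme}://{netloc}{p.path}"


C2_SET = {normalize_url(u) for u in C2_URLS}
PAYLOAD_SET = {normalize_url(u) for u in PAYLOAD_URLS}


def classify_request(method, url):
    """Return an IOC tag for one request, or None if it matches nothing.
    Host and path are matched together: /forum/viewtopic.php on its own is
    a generic phpBB path and would fire on every real forum."""
    u = normalize_url(url)
    if u in C2_SET:
        # Pony delivers its stolen-credential report with a POST (assumption);
        # a GET to the gate is still worth a look but is weaker evidence.
        return "pony_c2_checkin" if method.upper() == "POST" else "pony_c2_contact"
    if u in PAYLOAD_SET:
        return "pony_payload_fetch"
    return None


def scan_log(text):
    """Return (line_no, client, tag, status) for every IOC hit in the log."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line: skip it rather than abort the scan
        _ts, client, method, url, status = parts
        tag = classify_request(method, url)
        if tag:
            hits.append((n, client, tag, int(status)))
    return hits


def infected_clients(hits):
    """Clients that both checked in to a gate and fetched a payload URL: the
    strongest sign this Pony build ran to completion on that host."""
    by_client = {}
    for _n, client, tag, _status in hits:
        by_client.setdefault(client, set()).add(tag)
    return sorted(c for c, tags in by_client.items()
                  if "pony_c2_checkin" in tags and "pony_payload_fetch" in tags)


def file_hashes(data):
    """MD5/SHA1/SHA256 of a byte string, in the hex form the report uses."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def is_known_sample(data):
    """True when every exact hash matches the report's sample. ssdeep is left
    out: it needs a third-party library and is a fuzzy, not exact, match."""
    return file_hashes(data) == SAMPLE_HASHES


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print("infected:", infected_clients(found))
```

A 404 on a payload URL (the last constructed line) still counts: the client tried to fetch the second stage, which is the interesting fact for triage even if the hosting site has since been cleaned. Matching on the full gate URL rather than the path keeps the rule from flooding on legitimate phpBB traffic, which is exactly why Pony's operators chose that path.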
Targets
-
Target
e70e84f1c336e6a16632e9155b8c4c01_JaffaCakes118
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copy of, a web browser credential store.
-
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
Suspicious use of SetThreadContext
SetThreadContext rewrites another thread's register state; in malware it is most often seen redirecting a suspended process to injected code (process hollowing), so correlate it with a CreateProcess using CREATE_SUSPENDED and with WriteProcessMemory calls in the behavioral trace.
-