General
-
Target
e7300abfa596757735ea820bb31528b2_JaffaCakes118
-
Size
144KB
-
Sample
240917-tfstcs1fpb
-
MD5
e7300abfa596757735ea820bb31528b2
-
SHA1
61dfc1d880a2259b3c99be9ccd862314a60b33fe
-
SHA256
6556c619ea5693a31f96f5c5f207d4796fd75bbf90914ece901b07971bfa4501
-
SHA512
9003a3e3020981e7dbf45f25af0009c16602c9d4fea470fb286a8a8e2b1e4d717f831f40e5c25813c785269c094d8e518d7438112f520b77aca52da85607faa8
-
SSDEEP
3072:0jlKZelTD6X0PbG9ZfgD40H5nAwbuw+aw3gpaJafzud:4welS4bGjfOxtzbCWasbU
Static task
static1
Behavioral task
behavioral1
Sample
e7300abfa596757735ea820bb31528b2_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
e7300abfa596757735ea820bb31528b2_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
pony
http://74.53.97.66:8080/forum/viewtopic.php
http://74.53.97.67:8080/forum/viewtopic.php
-
payload_url
http://underthepickletree.com.au/kmjeYdop.exe
http://suntime.gr/Vxpy.exe
http://www.luxurytimedistribution.com/QGp2J.exe
http://erally.ro/dKXV3.exe
http://autoinsurancequotest.org/vaqKy.exe
http://thestoremilano.com/TaVnSz14.exe
Targets
-
-
Target
e7300abfa596757735ea820bb31528b2_JaffaCakes118
-
Size
144KB
-
MD5
e7300abfa596757735ea820bb31528b2
-
SHA1
61dfc1d880a2259b3c99be9ccd862314a60b33fe
-
SHA256
6556c619ea5693a31f96f5c5f207d4796fd75bbf90914ece901b07971bfa4501
-
SHA512
9003a3e3020981e7dbf45f25af0009c16602c9d4fea470fb286a8a8e2b1e4d717f831f40e5c25813c785269c094d8e518d7438112f520b77aca52da85607faa8
-
SSDEEP
3072:0jlKZelTD6X0PbG9ZfgD40H5nAwbuw+aw3gpaJafzud:4welS4bGjfOxtzbCWasbU
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-