General
Target: 0aee0d8d26e59bf963be0b31ed70aeab_JaffaCakes118
Size: 228KB
Sample: 241002-qygbhayeml
MD5: 0aee0d8d26e59bf963be0b31ed70aeab
SHA1: f012396d1a882d29b86655c87485ee3455bd52ee
SHA256: f48dbb494e071c0c3ddf94e83e087e22a99526dc210f42dc545fda0868449a74
SHA512: e91c2b6454a7e83f2cb5c785abc7421da92cc0b4dc660808fc00fe8df87ac2540054b0de1b9b56a3e4b5bd21f04a445f5e7e55be107d0f1db6e4d45de6b4e96e
SSDEEP: 3072:rhpyCWjuzxvFXW0Mp2M6SP5XcC9pVN2zDy:jyVuRdSQMV5XcCTYD
Static task: static1
Behavioral task: behavioral1
Sample: 0aee0d8d26e59bf963be0b31ed70aeab_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0aee0d8d26e59bf963be0b31ed70aeab_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: pony
http://doseja.com/hope/zela/gate.php
payload_url: http://doseja.com/hope/zela/shit.exe
Targets
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Unsecured Credentials: Credentials In Files: Steal credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext