General
Target: 44a0a47fa4be2bd297486dfcb391eba8_JaffaCakes118
Size: 179KB
Sample: 241014-237vssvekk
MD5: 44a0a47fa4be2bd297486dfcb391eba8
SHA1: 82c49ebc430e53f515244a4c6a455cf8f250515b
SHA256: a0d1c8e7a2c3b319c4f68a3536e5be6ad6de37a25158c647a21dab27ed26f44a
SHA512: 8b11a64e5a9dceb18612e3e2f8f06dc35e01a07f6d3677d004cd0d75bf72c09d93750f91c943cbb03cd9871a7b59495f8fec557262abb6b2826ddb0b30a70814
SSDEEP: 3072:j7U0OEqCrl8JG+moBce70TbOaRQ7vG/qHA/8:fU6qCru01eAbanAk
Static task: static1
Behavioral task: behavioral1
Sample: 44a0a47fa4be2bd297486dfcb391eba8_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 44a0a47fa4be2bd297486dfcb391eba8_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
pony
http://108.178.59.26/forum/viewtopic.php
http://206.72.197.13/forum/viewtopic.php
-
payload_url
http://umbrellasandbeyond.mivamerchant.net/8kvut.exe
http://www.nuscimedia.com/7oEN.exe
http://mobile-for-products.com/Waytw.exe
Targets
Target
44a0a47fa4be2bd297486dfcb391eba8_JaffaCakes118
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.