General
-
Target
44a2cfcefcefb1d1ea5cf88c4b625142_JaffaCakes118
-
Size
119KB
-
Sample
241014-25ayvavepk
-
MD5
44a2cfcefcefb1d1ea5cf88c4b625142
-
SHA1
8c1f547e78683433137a83e94fd188a21864cd32
-
SHA256
32b134c830060df4251b195b865beb4b16ce16eb090b2fbcf08215a6c7f74d6e
-
SHA512
0dc0f00627671ac1d9191af9bb33e9e55624cc020be5c3002a89d0e483d206d5bc663e1e0c1ec06c45146d9909315c4ea572dea93470f3988d8c9e43f9fa64cd
-
SSDEEP
3072:P9xntNHEj0/AHs0Th22cp61NFgNk0V4Ba+xMr/:zlALg2y60BKBa+xa
Static task
static1
Behavioral task
behavioral1
Sample
44a2cfcefcefb1d1ea5cf88c4b625142_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
44a2cfcefcefb1d1ea5cf88c4b625142_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
pony
http://nursenextdoor.com:443/forum/viewtopic.php
http://dreamonseniorswish.org:443/forum/viewtopic.php
http://prospexleads.com:8080/forum/viewtopic.php
http://phonebillssuck.com:8080/forum/viewtopic.php
-
payload_url
http://globaldoesitall.com/hPr0.exe
http://derricoassociati.it/rjrtYyw5.exe
http://csisatx.com/MTj5yF.exe
http://www.flesnercompanies.com/xavAm.exe
Targets
-
Target
44a2cfcefcefb1d1ea5cf88c4b625142_JaffaCakes118
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-